Caveats for Cisco IOS Release 12.3
September 24, 2008
Cisco IOS Release 12.3(26)
OL-4353-20
This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.3, up to and including Cisco IOS Release 12.3(26). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Obtaining Documentation and Submitting a Service Request" section on page 1024.
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:
•The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.
•The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.
Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.
If You Need More Information
Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation and Submitting a Service Request" section on page 1024.
For more information on caveats and features in Cisco IOS Release 12.3, refer to the following sources:
•Dictionary of Internetworking Terms and Acronyms—The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this caveats document.
•Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Products and Services: Cisco IOS Software: Cisco IOS Software Releases 12.3: Troubleshooting: Bug Toolkit. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl.
(If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
•Release Notes for Cisco IOS Release 12.3—These release notes describe new features and significant software components for Cisco IOS software Release 12.3.
•Deferral Advisories and Software Advisories for Cisco IOS Software—Deferral Advisories and Software Advisories for Cisco IOS Software provides information about caveats that are related to deferred software images for Cisco IOS releases. If you have an account on Cisco.com, you can access Deferral Advisories and Software Advisories for Cisco IOS Software at http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml.
•What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml.
Note Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.
The most recent release notes when this caveats document was published were Release Notes for Cisco IOS Release 12.3, for Cisco IOS Release 12.3(26) on March 18, 2008.
Contents
The caveats documentation for Cisco IOS Release 12.3 consists of the following subsections:
Cross-Platform Release Notes for Cisco IOS Release 12.3, Part 5: Caveats for 12.3(10) through 12.3(26)
•Open Caveats—Cisco IOS Release 12.3(26)
•Resolved Caveats—Cisco IOS Release 12.3(26)
•Resolved Caveats—Cisco IOS Release 12.3(25)
•Resolved Caveats—Cisco IOS Release 12.3(24a)
•Resolved Caveats—Cisco IOS Release 12.3(24)
•Resolved Caveats—Cisco IOS Release 12.3(23)
•Resolved Caveats—Cisco IOS Release 12.3(22a)
•Resolved Caveats—Cisco IOS Release 12.3(22)
•Resolved Caveats—Cisco IOS Release 12.3(21b)
•Resolved Caveats—Cisco IOS Release 12.3(21a)
•Resolved Caveats—Cisco IOS Release 12.3(21)
•Resolved Caveats—Cisco IOS Release 12.3(20a)
•Resolved Caveats—Cisco IOS Release 12.3(20)
•Resolved Caveats—Cisco IOS Release 12.3(19a)
•Resolved Caveats—Cisco IOS Release 12.3(19)
•Resolved Caveats—Cisco IOS Release 12.3(18a)
•Resolved Caveats—Cisco IOS Release 12.3(18)
•Resolved Caveats—Cisco IOS Release 12.3(17c)
•Resolved Caveats—Cisco IOS Release 12.3(17b)
•Resolved Caveats—Cisco IOS Release 12.3(17a)
•Resolved Caveats—Cisco IOS Release 12.3(17)
•Resolved Caveats—Cisco IOS Release 12.3(16a)
•Resolved Caveats—Cisco IOS Release 12.3(16)
•Resolved Caveats—Cisco IOS Release 12.3(15b)
•Resolved Caveats—Cisco IOS Release 12.3(15a)
•Resolved Caveats—Cisco IOS Release 12.3(15)
•Resolved Caveats—Cisco IOS Release 12.3(13b)
•Resolved Caveats—Cisco IOS Release 12.3(13a)
•Resolved Caveats—Cisco IOS Release 12.3(13)
•Resolved Caveats—Cisco IOS Release 12.3(12e)
•Resolved Caveats—Cisco IOS Release 12.3(12d)
•Resolved Caveats—Cisco IOS Release 12.3(12c)
•Resolved Caveats—Cisco IOS Release 12.3(12b)
•Resolved Caveats—Cisco IOS Release 12.3(12a)
•Resolved Caveats—Cisco IOS Release 12.3(12)
•Resolved Caveats—Cisco IOS Release 12.3(10f)
•Resolved Caveats—Cisco IOS Release 12.3(10e)
•Resolved Caveats—Cisco IOS Release 12.3(10d)
•Resolved Caveats—Cisco IOS Release 12.3(10c)
•Resolved Caveats—Cisco IOS Release 12.3(10b)
•Resolved Caveats—Cisco IOS Release 12.3(10a)
•Resolved Caveats—Cisco IOS Release 12.3(10)
Cross-Platform Release Notes for Cisco IOS Release 12.3, Part 6: Caveats for 12.3(6) through 12.3(9e)
•Resolved Caveats—Cisco IOS Release 12.3(9e), page 421
•Resolved Caveats—Cisco IOS Release 12.3(9d), page 422
•Resolved Caveats—Cisco IOS Release 12.3(9c), page 429
•Resolved Caveats—Cisco IOS Release 12.3(9b), page 436
•Resolved Caveats—Cisco IOS Release 12.3(9a), page 439
•Resolved Caveats—Cisco IOS Release 12.3(9), page 455
•Resolved Caveats—Cisco IOS Release 12.3(6f), page 539
•Resolved Caveats—Cisco IOS Release 12.3(6e), page 540
•Resolved Caveats—Cisco IOS Release 12.3(6c), page 547
•Resolved Caveats—Cisco IOS Release 12.3(6b), page 554
•Resolved Caveats—Cisco IOS Release 12.3(6a), page 559
•Resolved Caveats—Cisco IOS Release 12.3(6), page 571
Cross-Platform Release Notes for Cisco IOS Release 12.3, Part 7: Caveats for 12.3(1) through 12.3(5f)
•Resolved Caveats—Cisco IOS Release 12.3(5f), page 655
•Resolved Caveats—Cisco IOS Release 12.3(5e), page 656
•Resolved Caveats—Cisco IOS Release 12.3(5d), page 665
•Resolved Caveats—Cisco IOS Release 12.3(5c), page 680
•Resolved Caveats—Cisco IOS Release 12.3(5b), page 696
•Resolved Caveats—Cisco IOS Release 12.3(5a), page 698
•Resolved Caveats—Cisco IOS Release 12.3(5), page 702
•Resolved Caveats—Cisco IOS Release 12.3(3i), page 793
•Resolved Caveats—Cisco IOS Release 12.3(3h), page 794
•Resolved Caveats—Cisco IOS Release 12.3(3g), page 807
•Resolved Caveats—Cisco IOS Release 12.3(3f), page 814
•Resolved Caveats—Cisco IOS Release 12.3(3e), page 842
•Resolved Caveats—Cisco IOS Release 12.3(3c), page 844
•Resolved Caveats—Cisco IOS Release 12.3(3b), page 845
•Resolved Caveats—Cisco IOS Release 12.3(3a), page 849
•Resolved Caveats—Cisco IOS Release 12.3(3), page 856
•Resolved Caveats—Cisco IOS Release 12.3(1a), page 963
•Resolved Caveats—Cisco IOS Release 12.3(1), page 972
•Obtaining Documentation and Submitting a Service Request, page 1024
Open Caveats—Cisco IOS Release 12.3(26)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(26). All the caveats listed in this section are open in Cisco IOS Release 12.3(26). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Miscellaneous
•CSCin95455
Symptoms: The connect global configuration command presents duplicate options; that is, there appear to be two switching subsystems.
Conditions: This symptom is observed on a Cisco router when you attempt to configure the connect global configuration command for ATM.
Workaround: There is no workaround.
•CSCse44079
Symptoms: CPU utilization may reach 100 percent in the IGMP Input process when a UDL interface is down. When the downstream UDL interface (on the downstream router) goes down, any (downstream router) locally received IGMP report/leave will be sent 255 times to the router itself and will cause high CPU utilization.
Conditions: This symptom is observed on a Cisco router that has a UDL interface that is connected to a satellite link after you have upgraded the Cisco IOS software image from Release 12.4(5a) to Release 12.4(7a). However, the symptom is not release-specific.
Workaround: There is no workaround.
Further Problem Description: When the UDL link goes down, the downstream router starts to flood IGMP reports to itself. In Releases 12.4(7a), 12.4(8), and 12.3(19), Cisco IOS software fully processes each of these packets, which has a large impact on CPU utilization.
•CSCsf96266
Symptoms: Priority-class traffic does not receive low latency even though LLQ is configured.
Conditions: This symptom is observed when LLQ is configured together with IPsec and IPsec-GRE tunnels.
Workaround: There is no workaround.
•CSCsi18669
Symptoms: QoS Group Marking may not function.
Conditions: This symptom is observed on a Cisco router after you have reloaded the router.
Workaround: Detach the policy map from the interface and then re-attach it to the interface.
•CSCsi83714
Symptoms: A Cisco 7206VXR (NPE-G1) that is running Cisco IOS Release 12.3(22) has a software-forced reload because of a memory corruption. The memory pool type is Processor rip_create_rdb.
Conditions: The Cisco 7206VXR (NPE-G1) with Cisco IOS Release 12.3(22) was running fine for one month before the crash occurred. The crash occurred during/after some configuration changes, which were done regularly. The crash occurred only once.
Workaround: There is no workaround.
•CSCsk51939
Symptoms: After multiple calls are established, and then calls are disconnected by the users, new calls cannot be established.
Conditions: This problem is seen when using a Cisco 3660 router with a digital modem network module, NM-30DM. This problem is seen in all Cisco IOS 12.2 and 12.3 releases.
Workaround: Reloading the router will allow new calls to be established.
•CSCsk80813
Symptoms: The access point does not handle PAC (EAP-FAST Protected Access Credential) provisioning for a Windows Vista client.
Conditions: This symptom is observed on an access point that is running Cisco IOS Release 12.3(8)JEB.
Workaround: There is no workaround.
•CSCsl42554
Symptoms: All cable modems (CMs) go offline with no alert or log message. When the clear cable modem all del command is entered, no CM ranges. The upconverter signal and the UCD counter are both normal.
Because no log or other specific information remains, the root cause is hard to determine.
Conditions: This symptom is observed only on the MC520H card.
Workaround: Enter the cable downstream rf-shutdown command followed by the no cable downstream rf-shutdown command.
Further Problem Description: This symptom is similar to CSCsj03260 (an externally found severity 3 bug, resolved: modems stay offline after a modulation switch on the MC5x20H). However, that fix is integrated in Release 12.3(21a)BC4, development engineering has determined that this is a different problem, and the customer was not using dynamic modulation.
•CSCsm60103
Symptoms: After the AP (AIR-AP1231G-E-K9) is upgraded to Cisco IOS Release 12.3(8)JEC, interface Dot11Radio0 is periodically lost with the error "failed - Driver transmit queue stuck." This results in only a brief service interruption; the AP and radio recover and resume service within 1 to 2 seconds.
Conditions: This symptom is observed under normal operation.
Workaround: There is no workaround.
Further Problem Description: The following is the syslog record of the failure and recovery:
Dec 19 10:51:23: %DOT11-2-RADIO_FAILED: Interface Dot11Radio0,failed - Driver transmit queue stuck -Traceback= 19670 420248 427A64 428C20 42B31C 3D1BA4 3D457C 3D8DAC 4BB43C 4B6C30 24306C
Dec 19 10:51:23: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
Dec 19 10:51:23: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
Dec 19 10:51:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
Dec 19 10:51:24: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
Dec 19 10:51:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
•CSCsm62622
Symptoms: Applying an access group to a physical interface modifies the ACL in the running configuration.
Conditions: This symptom is observed when a physical interface is a member of a bridge group and has an ip access-group <list> [in | out] command that references an access list containing entries with the log keyword. At the first match against that list on any of the bridged interfaces, the running configuration is modified so that the log keyword is removed from the ACL. Because the keyword is stripped from the running configuration, later matches on that ACL are no longer logged.
Workaround: Instead of assigning the ACL to a physical interface, create a BVI interface for the bridge group and assign the ACL to the BVI.
Further Problem Description: The following is a sample interface configuration.
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid tsunami
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role non-root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
ssid tsunami
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role non-root bridge
bridge-group 1
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
hold-queue 160 in
!
interface BVI1
ip address 10.0.0.12 255.255.255.224
ip access-group 105 in
no ip route-cache
!
access-list 105 deny ip 127.0.0.0 0.255.255.255 any log
access-list 105 deny ip 5.5.5.0 0.0.0.255 any log
access-list 105 permit ip any any log
•CSCso03047
Symptoms: The multilink interfaces stop forwarding traffic, and the serial interfaces out of the multilink start to flap.
Conditions: This symptom is observed when the E3 controller is saturated.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller.
•CSCso11620
Symptoms: A Cisco AS5400 router crashes with a bus error at sstrncpy. The error message will look like the following:
System returned to ROM by bus error at PC 0x6184FA30, address 0xD0D0D0D
Conditions: This symptom is observed on a Cisco AS5400 router.
Workaround: There is no workaround.
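The CSCsm62622 condition listed above (a logging ACL applied directly to a physical interface that is a bridge-group member) can be checked for in a saved running configuration before the ACL silently loses its log keyword. The following Python script is an added example written for this page, not Cisco code; the running-config fragment it parses is constructed to mirror the sample configuration in that caveat, and the function and constant names are the editor's own. It flags every non-BVI interface that is in a bridge group and applies, with ip access-group, an ACL that carries log or log-input entries, handling both numbered and named ACLs.

```python
import re
from typing import Dict, List, Tuple

# Constructed running-config fragment modelled on the CSCsm62622 sample above:
# FastEthernet0 is bridged and carries ACL 105 directly, and ACL 105 logs.
SAMPLE_CONFIG = """\
!
interface Dot11Radio0
 no ip address
 station-role non-root bridge
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 ip access-group 105 in
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 10.0.0.12 255.255.255.224
 ip access-group 106 in
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 22 log
 deny ip any any
!
access-list 105 deny ip 127.0.0.0 0.255.255.255 any log
access-list 105 permit ip any any log
access-list 106 permit ip any any
"""

ACCESS_GROUP = re.compile(r"^ip access-group (\S+) (in|out)$")
BRIDGE_GROUP = re.compile(r"^bridge-group (\d+)$")


def parse_config(text: str) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Split an IOS running-config into interface blocks and ACL bodies.

    Returns (interfaces, acls): interface name -> its indented commands,
    ACL number or name -> its entries (numbered and named ACLs alike).
    """
    interfaces: Dict[str, List[str]] = {}
    acls: Dict[str, List[str]] = {}
    block = None  # ("interface", name) or ("acl", name) while inside a block
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            block = None
            continue
        if line.startswith("interface "):
            block = ("interface", line.split(None, 1)[1])
            interfaces.setdefault(block[1], [])
        elif line.startswith("ip access-list "):
            block = ("acl", line.split()[-1])
            acls.setdefault(block[1], [])
        elif line.startswith("access-list "):
            acls.setdefault(line.split()[1], []).append(line)
            block = None
        elif line.startswith(" ") and block is not None:
            kind, name = block
            (interfaces if kind == "interface" else acls)[name].append(line.strip())
        else:
            block = None  # any other top-level command ends the block
    return interfaces, acls


def acl_logs(entries: List[str]) -> bool:
    """True if any entry carries the log or log-input keyword."""
    return any(tok in ("log", "log-input") for e in entries for tok in e.split())


def find_logging_acls_on_bridged_ports(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (interface, acl, direction, bridge_group) for each physical
    interface that is in a bridge group and applies a logging ACL directly,
    which is the configuration CSCsm62622 corrupts."""
    interfaces, acls = parse_config(text)
    findings = []
    for name, cmds in interfaces.items():
        if name.upper().startswith("BVI"):
            continue  # the BVI is where the workaround says the ACL belongs
        groups = [m.group(1) for m in map(BRIDGE_GROUP.match, cmds) if m]
        if not groups:
            continue
        for m in filter(None, map(ACCESS_GROUP.match, cmds)):
            acl, direction = m.group(1), m.group(2)
            if acl_logs(acls.get(acl, [])):
                findings.append((name, acl, direction, groups[0]))
    return findings


if __name__ == "__main__":
    for iface, acl, direction, bg in find_logging_acls_on_bridged_ports(SAMPLE_CONFIG):
        print(f"{iface}: ACL {acl} {direction} with log entries on bridge-group {bg}")
```

Run it against the output of show running-config saved to a file; any finding means the ACL should be moved to the BVI as the workaround describes, and the ACL should be re-checked for its log keywords afterwards, since a previous match may already have stripped them.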
Resolved Caveats—Cisco IOS Release 12.3(26)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(26). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(26). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Miscellaneous
•CSCec12299
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.
•CSCse92050
Symptoms: A router may reload unexpectedly when a routing event causes multicast boundary to be configured on a Reverse Path Forwarding (RPF) interface.
Conditions: This symptom is observed on a Cisco platform that is configured for PIM.
Workaround: Remove multicast boundary from the configuration.
•CSCsg21398
Symptoms: The Cisco IOS software image may unexpectedly restart when a crafted "msg-auth-response-get-user" TACACS+ packet is received.
Conditions: This symptom is observed after the Cisco platform has sent an initial "recv-auth-start" TACACS+ packet.
Workaround: There is no workaround.
•CSCsg39295
Symptoms: Password information may be displayed in a syslog message as follows:
%SYS-5-CONFIG_I: Configured from scp://userid:password@10.1.1.1/config.txt by console
Conditions: This symptom is observed when SNMP is used to modify a configuration by means of the CISCO-CONFIG-COPY-MIB; selecting a ConfigCopyProtocol of SCP or FTP may result in the password being exposed in a syslog message.
Workaround: When using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, use the ConfigCopyProtocol of RCP to avoid exposure of the password.
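For CSCsg39295 the practical control sits on the syslog collector: match any URL in a %SYS-5-CONFIG_I message whose userinfo carries a password, raise an alert, and redact the password before the line is stored or forwarded. The following Python is an added example for this page, not Cisco code; the syslog lines are constructed to resemble the message quoted above, and the names are the editor's own. Note that the RCP workaround avoids the leak only because RCP carries no password at all (it authenticates by source host and username), so it removes the syslog exposure without making the transfer itself any safer.

```python
import re
from typing import List, Tuple

# A URL whose userinfo carries a password: scheme://user:password@host...
# Only the scheme, the user and the "@" survive redaction.
CRED_URL = re.compile(r"\b([a-z][a-z0-9+.\-]*)://([^/\s:@]+):([^@\s]+)@")

# Constructed syslog lines modelled on the CSCsg39295 message (not real captures).
SAMPLE_LOG = [
    "Sep 24 10:01:02 r1 1234: %SYS-5-CONFIG_I: Configured from "
    "scp://admin:s3cr3t@10.1.1.1/config.txt by console",
    "Sep 24 10:01:05 r1 1235: %SYS-5-CONFIG_I: Configured from "
    "rcp://admin@10.1.1.1/config.txt by console",
    "Sep 24 10:02:00 r1 1236: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.7)",
    "Sep 24 10:03:00 r1 1237: %SYS-5-CONFIG_I: Configured from "
    "ftp://backup:Pa55w0rd!@192.0.2.20/r1.cfg by snmp",
]


def find_leaked_credentials(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line index, scheme, username) for every line embedding a password.
    The password itself is deliberately not returned, so the alert can be
    forwarded without repeating the secret."""
    hits = []
    for i, line in enumerate(lines):
        for m in CRED_URL.finditer(line):
            hits.append((i, m.group(1), m.group(2)))
    return hits


def redact(line: str) -> str:
    """Replace the password component of any credential-bearing URL."""
    return CRED_URL.sub(lambda m: f"{m.group(1)}://{m.group(2)}:****@", line)


if __name__ == "__main__":
    for idx, scheme, user in find_leaked_credentials(SAMPLE_LOG):
        print(f"line {idx}: {scheme} password for user {user!r} leaked")
        print("  stored as:", redact(SAMPLE_LOG[idx]))
```

The rcp:// line in the sample passes through untouched because it has a username but no password component; a line with no URL is never modified. Any hit should also trigger rotation of the exposed credential, since the unredacted copy has already left the router.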
•CSCsh04686
Symptoms: With X.25 over TCP (XOT) enabled on a router or Catalyst switch, malformed traffic that is sent to TCP port 1998 causes the device to reload. This symptom was first observed in Cisco IOS Release 12.2(31)SB2.
Conditions: This symptom is observed only when X.25 routing is enabled on the device.
Workaround: Use IPsec or other tunneling mechanisms to protect XOT traffic. Also, apply ACLs on affected devices so that traffic is accepted only from trusted tunnel endpoints.
•CSCsh74975
Symptoms: A router may reload or a memory leak may occur when malformed UDP packets are sent to port 2517.
Conditions: This symptom is observed on a Cisco router that functions as a VoIP dial peer and that is configured for H.323.
Workaround: There is no workaround.
•CSCsi03359
Symptoms: A PIM hello message may not reach the neighbor.
Conditions: This symptom is observed on a Cisco router when an interface comes up and a PIM hello message is triggered.
Workaround: Decrease the hello timer for PIM hello messages.
Further Problem Description: The symptom occurs because the PIM hello message is sent before the port can actually forward IP packets. The IGP manages to bring its neighborship up but PIM does not, so RPF changes to the new neighbor and traffic is black-holed for up to 30 seconds.
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
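The evasion described in CSCsi67763 works because a signature written against ASCII bytes does not match the full-width code points for the same characters, so the inspected stream looks benign while the target application folds it back to the original command. Normalizing the inspected data with Unicode NFKC, which maps full-width and half-width compatibility forms to their basic equivalents, before matching closes that gap. The following Python is an added example written for this page, not Cisco code; the signature set, the HTTP request and the helper names are constructed for the demonstration.

```python
import unicodedata
from typing import List

# Constructed signature set standing in for IPS/firewall content matches.
SIGNATURES = ["cmd.exe", "/etc/passwd", "union select"]


def to_fullwidth(text: str) -> str:
    """Encode printable ASCII (0x21-0x7E) as the full-width forms U+FF01-U+FF5E,
    the transformation the evasion relies on. Constructed helper for the demo."""
    return "".join(chr(ord(c) + 0xFEE0) if 0x21 <= ord(c) <= 0x7E else c for c in text)


def naive_match(payload: str, signatures: List[str]) -> List[str]:
    """Plain substring matching, as an inspector without normalization does."""
    low = payload.lower()
    return [s for s in signatures if s in low]


def normalized_match(payload: str, signatures: List[str]) -> List[str]:
    """Match after NFKC normalization: full-width and half-width compatibility
    characters fold to their basic forms, so the encoded payload collapses
    back to the ASCII the signature was written against."""
    folded = unicodedata.normalize("NFKC", payload).casefold()
    return [s for s in signatures if s in folded]


# Constructed request: the attacker full-width-encodes only the tokens a
# signature would key on and leaves the rest of the request intact.
EVASIVE_REQUEST = (
    "GET /scripts/" + to_fullwidth("cmd.exe") + "?/c+type+" + to_fullwidth("/etc/passwd")
    + " HTTP/1.0"
)
PLAIN_REQUEST = "GET /scripts/cmd.exe?/c+type+/etc/passwd HTTP/1.0"


if __name__ == "__main__":
    print("plain,   naive     :", naive_match(PLAIN_REQUEST, SIGNATURES))
    print("evasive, naive     :", naive_match(EVASIVE_REQUEST, SIGNATURES))
    print("evasive, normalized:", normalized_match(EVASIVE_REQUEST, SIGNATURES))
```

Normalization must be applied to a copy of the data used for inspection only; the original bytes are what the endpoint receives, and a detector should log both forms so the analyst can see what the attacker actually sent.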
•CSCsj12867
Symptoms: The following message can be seen after executing the write memory command, even though the version has not been changed.
Router# write memory
Warning: Attempting to overwrite an NVRAM configuration previously written by a different version of the system image.
Overwrite the previous NVRAM configuration?[confirm]
The router then restarts with the following traceback:
-Traceback= 6067F3DC 6067FB38 605E3FE8 60686384 605E3FE8 605188BC 60518830 605444D4 60539164 6054719C 605AB65C 605AB648
Conditions: This symptom is observed on a Cisco 7206 VXR (NPE-400) with C7200-IO-FE-MII/RJ45= or C7200-I/O= running the Cisco IOS Release 12.2(24a) interim build.
Workaround: There is no workaround.
•CSCsk68320
Symptoms: A switch aborts or reloads after the no ip routing command is entered.
Conditions: This symptom is observed when a Supervisor Engine IV is configured with a minimal IP multicast and Multicast Source Discovery Protocol (MSDP) configuration.
Workaround: There is no workaround.
•CSCsk97261
Symptoms: Router crashes with an "Unexpected exception to CPUvector" traceback.
Conditions: Issuing the modemui command with a large input parameter in the [modem-commands] field, such as:
host>modemui ATZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
OK
OK
OK
Host:
00:05:30 UTC Mon Mar 1 1993: Unexpected exception to CPUvector 1200, PC = 804829C4
-Traceback= 804829C4 8049E4B0 8049E798 80492924 803CAE9C 803CB7E0 803CB6D8 803CDE88 80574D04 80575978 803A6CC8 80CA1B60 80CA2008 80CA21FC 80CA21FC 80CA21FC
More information about the Cisco Modem User Interface feature is available at: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087bf9.html
Workaround: There is no workaround.
•CSCsl47915
Symptoms: OSPF routes are redistributed into RIP through a route map that is based on a prefix list. Each time the prefix list is changed, the RIP database is not updated.
Conditions: This symptom is observed when a new network is added to the prefix list. The show ip route network command shows that the network is not advertised by RIP. Entering the clear ip route network command corrects the problem.
Workaround: There is no workaround.
•CSCsl70143
Symptoms: Under heavy traffic, ISDN calls may be rejected due to high CPU usage with the following messages seen in the log (with tracebacks):
%IVR-3-LOW_CPU_RESOURCE: IVR: System experiencing high cpu utilization (98/100). Call (callID=23524) is rejected.
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (32/18),process = ISDN.
Conditions: This problem occurs only under heavy traffic.
Workaround: There is no workaround.
•CSCsl70722
Symptoms: A router that is running Cisco IOS software may crash because of a watchdog timeout.
Conditions: This symptom occurs when IP SLA probes have been configured and active for 72 weeks. After that much time has passed, polling the RTTMON MIB for the probe statistics causes the router to reload. The problem then does not recur for another 72 weeks.
Workaround: There is no workaround.
•CSCsl95431
Symptoms: A router may reload when malformed packets are sent to the TFTP UDP port.
Conditions: This symptom is observed when malformed traffic is sent to the router's TFTP UDP port 69.
Workaround: There is no workaround.
•CSCsm26130
Symptoms: When removing a subinterface from the configuration that contains an IP address that falls into the major net of the static route, the static route is no longer injected into the BGP table. Since the route is not in the BGP table, it is not advertised to any peers.
Conditions: This symptom is observed with auto-summary enabled in BGP. A static summary route is configured to null0 and is injected into the BGP table with a network statement.
Workaround: There are four possible workarounds:
1) Use an "aggregate-address" configuration instead of the static route to generate the summary.
2) Remove auto-summary from the BGP process.
3) Enter the clear ip bgp * command.
4) Remove and reconfigure the BGP network statement for the summary route.
•CSCsm34361
Symptoms: TCP ports that should be open may not be reported as open when the router is port-scanned with Nmap.
Conditions: This symptom is observed on a Cisco 7200 router.
Workaround: There is no workaround.
•CSCsm43993
Symptoms: A Cisco SOHO 78 router freezes while booting. A power-cycle is required to restore it to operational condition.
Conditions: The router freezes after self-decompressing the image.
Workaround: There is no workaround.
•CSCso03047
Symptoms: The multilink interfaces stop forwarding traffic, and the serial interfaces out of the multilink start to flap.
Conditions: This symptom is observed when the E3 controller is saturated.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller.
•CSCso15151
Symptoms: When Multicast Distributed Fast Switching is configured, a VIP crashes on a Cisco 7500 router that is running a Cisco IOS 12.3 release.
Conditions:
1) The router has around 1000 interfaces/subinterfaces.
2) Distributed multicast is configured.
3) The router is running any Cisco IOS 12.3 release.
Workaround: There is no workaround.
Further Problem Description: In summary, the line card accesses a memory location that has already been freed, which causes the VIP to crash. Sanity checks that exist in other releases are missing from Cisco IOS 12.3 releases. The problem is similar to CSCdm29808 on line cards of the Cisco 12000 series Internet router (which does not support Cisco IOS Release 12.3). The missing check verifies that the interface index in MDFS messages is less than the MDFS IDB map size, which is the current size of the IDB map table.
Resolved Caveats—Cisco IOS Release 12.3(25)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(25). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsh48919
Symptoms: With an ATA flash card, the dir disk0: command fails if any filename or directory name stored on disk0 contains embedded spaces. This applies to disk1 and disk2 as well. The same situation can occur with a compact flash (CF) card when the dir flash: command is entered.
Conditions: This symptom has been observed when using a removable flash card, such as an ATA flash card or CF card, that is formatted to use DOSFS. The removable flash card is removed from the router and inserted into a laptop that is running a version of the Microsoft Windows operating system. A "New Folder" directory is created on the flash card, and the flash card is removed from the laptop and re-inserted into the router. Entering the dir command on the router may then fail to show all of the stored files or may crash the router.
Workaround: Remove or rename all files and directories that have names with embedded spaces, so that no file or directory name contains embedded spaces.
•CSCsh74975
Symptoms: A router may reload or a memory leak may occur when malformed UDP packets are sent to port 2517.
Conditions: This symptom is observed on a Cisco router that functions as a VoIP dial peer and that is configured for H.323.
Workaround: There is no workaround.
•CSCsk70446
Symptoms: A traceback is generated when long URLs are used to configure a device through the Cisco IOS HTTP web parser. The device does not crash.
Conditions: Attempting to configure commands that contain a single keyword or parameter longer than N characters through the web-based Cisco IOS command parser causes a traceback, where N is:
–50 for Cisco IOS Release 12.0 and later releases
–128 for Cisco IOS Release 12.2 and later releases
–256 for Cisco IOS Release 12.2(25) and later releases
Workaround: Avoid using the web-based command line parser for CLI commands with long keywords or arguments.
•CSCsk93113
Symptoms: A router crashes with a TLB (load or instruction fetch) exception segmentation fault or a Breakpoint exception.
Conditions:
TLB (Load or Instruction Fetch) Exception Segmentation Fault Crash
From the (tcl) CLI prompt, issue the "ea_display_pitem" or "ea_display_msg" commands with a large ID input parameter such as:
router(tcl)# ea_display_msg 999999999
or
router(tcl)# ea_display_pitem 999999999
14:02:10 UTC Sat Jul 28 2001: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x61B3CCA8
-----------------------------------------------------------------------------------
Possible software fault. Upon recurrence, please collect crashinfo, "show tech" and contact Cisco Technical Support.
-----------------------------------------------------------------------------------
-Traceback= 61B3CCA8 61B1DCBC 61B2725C 61B1C518 60759B24 607D8914 607D88F8
$0 : 00000000, AT : 632D0000, v0 : EEC550B8, v1 : 316EBFFD
a0 : 00000000, a1 : 00000000, a2 : 63B2FD21, a3 : 00000039
t0 : 107A3FFF, t1 : 0000000C, t2 : 0000000D, t3 : 0000000B
t4 : 0000000A, t5 : 00000000, t6 : 63B2FDC4, t7 : 63B2FDC0
s0 : 2012F338, s1 : 63B32648, s2 : 634F3219, s3 : 634F50D0
s4 : 63B32648, s5 : 8B75FFE8, s6 : 00000002, s7 : 631E0000
t8 : 63B2FE10, t9 : 00000000, k0 : 3040D001, k1 : 00000800
gp : 632D5328, sp : 2012F2C0, s8 : 634F31FC, ra : 61B3CC98
EPC : 61B3CCA8, ErrorEPC : BFC018D4, SREG : 3400FF03
MDLO : 00000003, MDHI : 280ED7D0, BadVaddr : EEC550C4
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
00:05:30 UTC Mon Mar 1 1993: Unexpected exception to CPUvector 1200, PC = 804829C4
-Traceback= 804829C4 8049E4B0 8049E798 80492924 803CAE9C 803CB7E0 803CB6D8 803CDE88 80574D04 80575978 803A6CC8 80CA1B60 80CA2008 80CA21FC 80CA21FC 80CA21FC
Breakpoint Exception Crash
From the (tcl) CLI prompt, download a very large file such as:
router(tcl)# source tftp://192.168.10.10/very-large-fileOpening file: tftp://192.168.10.10/very-large-file, buffer size=65536
Loading target from 192.168.10.10 (via GigabitEthernet0/2): !!!!!!!!!!!!!
========= Dump bp = 2036B72C ======================
2036B62C: FD0110DF AB1234CD 8A 502B7AF8 62A7FF74 616E96A8 2036B67C 2036B5F8
2036B64C: 80000012 1 0 63BF7AA0 0 400 0 8
2036B66C: 0 0 0 FD0110DF AB1234CD 1E 639C1A58 623BCD20
2036B68C: 60B26684 2036B6E0 2036B644 8000001E 1 0 2017A9DC 200302F4
2036B6AC: 623BCC3C 200302F4 1 3 1 3 0 0
=== output truncated ===
%Software-forced reload
14:47:00 UTC Sat Jul 28 2001: Breakpoint exception, CPU signal 23, PC = 0x6080A0C0
-----------------------------------------------------------------------------------
Possible software fault. Upon recurrence, please collect crashinfo, "show tech" and contact Cisco Technical Support.
-----------------------------------------------------------------------------------
-Traceback= 6080A0C0 60808014 607EDCE4 607EAF44 61B307D4 61B1DCBC 61B2725C 61B1C518 60759B24 607D8914 607D88F8
$0 : 00000000, AT : 632D0000, v0 : 636A0000, v1 : 636A0000
a0 : 6366A408, a1 : 0000FF00, a2 : 00000000, a3 : 62FF0000
t0 : 6080F7A0, t1 : 3400FF01, t2 : 6080F7A0, t3 : FFFF00FF
t4 : 6080F7A0, t5 : 36423734, t6 : 78312030, t7 : 32324431
s0 : 00000000, s1 : 00000000, s2 : 63010000, s3 : 634308E0
s4 : 2036B754, s5 : 202AEDB8, s6 : 63010000, s7 : 631E0000
t8 : 63B2FCF4, t9 : 00000002, k0 : 3040D001, k1 : 00000800
gp : 632D5328, sp : 202AEB68, s8 : 634F31FC, ra : 60808014
EPC : 6080A0C0, ErrorEPC : BFC018D4, SREG : 3400FF03
MDLO : 00000000, MDHI : 00000006, BadVaddr : 0B6719BC
Cause 00000024 (Code 0x9): Breakpoint exception
Cisco IOS software introduced the ability to support Tool Command Language (Tcl) version 7.0 commands as part of the Cisco IOS Interactive Voice Response feature in Cisco IOS Release 12.0(6)T and later. For further information, see http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/tclivrpg.htm.
The Cisco IOS Scripting with Tcl feature provides the ability to run Tool Command Language (Tcl) version 8.3.4 commands and was introduced in Cisco IOS Release 12.3(2)T. For further information, see http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gt_tcl.htm.
Workaround:
AAA Authorization
AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user will be granted access to a requested service only if the information in the user profile allows it.
For a complete description of authorization commands, see the following links:
Configuring Authorization
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schathor.htm
ACS 4.1 Command Authorization Sets
ACS 4.1 Configuring a Shell Command Authorization Set for a User Group
Role-Based CLI Access
The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.
The following link provides more information about the Role-Based CLI Access feature:
Role-Based CLI Access
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html
Device Access
Because this vulnerability is triggered by commands entered at the Tcl shell by a user who has already authenticated to the device, networking best practices such as access control lists (ACLs) and Control Plane Policing (CoPP), which restrict device access to certain IP addresses or subnetworks, may not be effective. Device access best practices provide some mitigation for these issues by allowing systemic control of authenticated and unauthenticated users. Device access best practices are documented in:
Infrastructure Protection on Cisco IOS Software-Based Platforms, Appendix B—Controlling Device Access http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6970/ps1838/prod_white_paper0900aecd804ac831.pdf
Improving Security on Cisco Routers
http://www.cisco.com/warp/public/707/21.html
•CSCsl02927
Symptoms: With no traffic on a PA-A6-OC3SMi card, maximum ICMP ping round-trip times of 352 ms to 384 ms are seen when testing against an ATM loopback diag. The minimum and average times are 1 ms and 4 ms. This is seen with 1500-byte packets.
Conditions: This symptom is observed with a 7206vxr backplane version 2.8- 2.11 with the PA-A6-OC3SMi ATM card.
Workaround: There is no workaround.
Further Problem Description: This symptom is not observed with backplane versions 2.8 to 2.11 and the PA-A3-T3 card.
Router# ping 10.1.1.1 repeat 200 size 1500
Sending 200, 1500-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (200/200), round-trip min/avg/max = 1/3/352 ms
•CSCsl34303
Symptoms: A Cisco 7200 router crashes when unconfiguring service policy from a Multilink Frame Relay (MFR) interface.
Conditions: This symptom is observed if one of the MFR bundle link interfaces was previously being used for Multilink PPP over Frame Relay. Changing the encapsulation may not clean up queuing configuration properly—a dual FIFO queue may remain on the interface.
Workaround: Ensure that a dual FIFO queue is not present on the MFR bundle link interface. It should be plain FIFO queue. If it is a dual FIFO, change the interface to HDLC encapsulation, which should remove the dual FIFO queue, then back to MFR bundle link encapsulation.
•CSCsl48149
Symptoms: This issue is observed only when the NVRAM file path length is greater than 355 characters, which is very much a corner case.
Conditions: This issue occurs when the NVRAM file name length is more than 355 characters. Trigger: it is not possible to create an NVRAM file name longer than 32 characters. A problem in the base code is the root cause. The impact is very minimal to nil.
Workaround: No workaround is needed.
Resolved Caveats—Cisco IOS Release 12.3(24a)
Cisco IOS Release 12.3(24a) is a rebuild release for Cisco IOS Release 12.3(24). The caveats in this section are resolved in Cisco IOS Release 12.3(24a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCei16552
Symptoms: The default engine ID shows up in the running configuration.
Conditions: The engine ID shows up in the running configuration even if no engine ID is explicitly configured.
Workaround: There is no workaround.
•CSCek77360
Symptoms: TACACS authentication fails.
Conditions: This symptom is observed after one Telnet session is opened and disconnected and a second Telnet session is opened. When the show tcp brief command is then entered on the unit under test (UUT), the Username prompt is expected, but authentication fails.
Workaround: There is no workaround.
•CSCsk70446
Symptoms: A traceback is noticed when long URLs are used to configure a device using Cisco IOS HTTP web parser. The device does not crash.
Conditions: Trying to configure commands that have a single keyword or parameter greater than N characters in length using the web-based Cisco IOS command parser causes a traceback where N is:
–50 for Cisco IOS Release 12.0 and later releases
–128 for Cisco IOS Release 12.2 and later releases
–256 for Cisco IOS Release 12.2(25) and later releases
Workaround: Avoid using the web-based command-line parser for CLI commands with long keywords or arguments.
Miscellaneous
•CSCsa67433
The relation between addresses in the data part of a buffer dump and addresses in the buffer header is broken. Addresses in the header are real memory addresses, while addresses in the data part are simply byte counts from the beginning of the current memory block.
This behavior was introduced in CSCee24363.
Workaround: network_start should always be 84 bytes (ENCAPBYTES) from data_area.
•CSCsb86537
Customer has the following topology:
ISDN--2811--MGCP-----CCM/IPCC AA---Phones
Incoming call hits the AA, and the caller enters an extension. The call gets transferred, and the PSTN caller hears the ringback. The ringback stops immediately when the PSTN user hits any key on the phone (in this case, a # was pressed). Then there is a small ringback just before the call goes to voicemail. Turned on the following traces:
–deb isdn q931
–deb mgcp pack
–deb voip hpi comm
–deb voip hpi det
Trace shows the DSP turns off the tone upon pressing the # key. The MGCP trace shows the GW receives G/rt just before it goes to the extension's voicemail. I am not sure why the gateway asks the DSP to turn off the ringback tone. I have included the sh ver and sh run along with the trace as an attachment. Customer claims that any DID call to an IP phone bypassing the AA experiences the same problem. I made a few test calls to the DID number and pressed the # key or any other keys. It did not stop the dialtone. For the customer, it happens every time from a landline or a mobile phone. But ringback stops immediately when I call through the AA.
•CSCsh74975
Symptoms: A router may reload or a memory leak may occur when UDP malformed packets are sent to port 2517.
Conditions: This symptom is observed on a Cisco router that functions as a VoIP dial peer and that is configured for H.323.
Workaround: There is no workaround.
•CSCsj94539
Symptoms: Spurious Alarm events on PA-MC-8TE1+ can cause a router crash on a Cisco 7200.
Conditions: This symptom is observed only on a Cisco 7200 with a PA-MC-8TE1+ port adapter, and only when the line reports a very large number of errors.
Workaround: Check the line for errors and clear them.
•CSCsk19661
Symptoms: In a Cisco 7500 HA router in RPR+ mode when configuring and unconfiguring channel groups under an E1 controller, the router reports the following:
*Aug 22 17:58:34.970: %HA-2-IPC_ERROR: Failed to open peer port. timeout
*Aug 22 17:58:34.974: %HA-3-SYNC_ERROR: CCB sync failed for slot: 1
*Aug 22 17:58:34.974: %HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).
And the standby RSP is reloaded.
Conditions: This symptom is observed when configuring and unconfiguring channel groups under an E1 controller.
Workaround: There is no workaround.
•CSCsk63369
By performing the procedure below, a subinterface (sub-IF) comes up when it should remain shut.
T1 -- PA-MC-8T1
TE1 -- PA-MC-8TE1+
Case 1
1. Shut the controller and the sub-IF.
2. No-shut the controller.
3. The sub-IF on the TE1 controller comes up (the sub-IF on the T1 controller remains shut).
OR
Case 2
1. No-shut the controller and the sub-IF.
2. Shut the controller.
3. Shut the sub-IF.
4. No-shut the controller.
5. The sub-IF on both the TE1 and the T1 controller comes up.
In the case above, if the order is 1->3->2->4->5, the sub-IF on both controllers does not come up.
•CSCsk93113
Symptoms:
A router crashes with a TLB (load or instruction fetch) exception segmentation fault or a Breakpoint exception.
Conditions:
TLB (Load or Instruction Fetch) Exception Segmentation Fault Crash
From the (tcl) CLI prompt, issue the "ea_display_pitem" or "ea_display_msg" commands with a large ID input parameter such as:
router(tcl)# ea_display_msg 999999999
or
router(tcl)# ea_display_pitem 999999999
14:02:10 UTC Sat Jul 28 2001: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x61B3CCA8
-----------------------------------------------------------------------------------
Possible software fault. Upon recurrence, please collect crashinfo, "show tech" and contact Cisco Technical Support.
-----------------------------------------------------------------------------------
-Traceback= 61B3CCA8 61B1DCBC 61B2725C 61B1C518 60759B24 607D8914 607D88F8
$0 : 00000000, AT : 632D0000, v0 : EEC550B8, v1 : 316EBFFD
a0 : 00000000, a1 : 00000000, a2 : 63B2FD21, a3 : 00000039
t0 : 107A3FFF, t1 : 0000000C, t2 : 0000000D, t3 : 0000000B
t4 : 0000000A, t5 : 00000000, t6 : 63B2FDC4, t7 : 63B2FDC0
s0 : 2012F338, s1 : 63B32648, s2 : 634F3219, s3 : 634F50D0
s4 : 63B32648, s5 : 8B75FFE8, s6 : 00000002, s7 : 631E0000
t8 : 63B2FE10, t9 : 00000000, k0 : 3040D001, k1 : 00000800
gp : 632D5328, sp : 2012F2C0, s8 : 634F31FC, ra : 61B3CC98
EPC : 61B3CCA8, ErrorEPC : BFC018D4, SREG : 3400FF03
MDLO : 00000003, MDHI : 280ED7D0, BadVaddr : EEC550C4
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
00:05:30 UTC Mon Mar 1 1993: Unexpected exception to CPU vector 1200, PC = 804829C4
-Traceback= 804829C4 8049E4B0 8049E798 80492924 803CAE9C 803CB7E0 803CB6D8 803CDE88 80574D04 80575978 803A6CC8 80CA1B60 80CA2008 80CA21FC 80CA21FC 80CA21FC
Breakpoint Exception Crash
From the (tcl) CLI prompt, download a very large file such as:
router(tcl)# source tftp://192.168.10.10/very-large-file
Opening file: tftp://192.168.10.10/very-large-file, buffer size=65536
Loading target from 192.168.10.10 (via GigabitEthernet0/2): !!!!!!!!!!!!!
========= Dump bp = 2036B72C ======================
2036B62C: FD0110DF AB1234CD 8A 502B7AF8 62A7FF74 616E96A8 2036B67C 2036B5F8
2036B64C: 80000012 1 0 63BF7AA0 0 400 0 8
2036B66C: 0 0 0 FD0110DF AB1234CD 1E 639C1A58 623BCD20
2036B68C: 60B26684 2036B6E0 2036B644 8000001E 1 0 2017A9DC 200302F4
2036B6AC: 623BCC3C 200302F4 1 3 1 3 0 0
=== output truncated ===
%Software-forced reload
14:47:00 UTC Sat Jul 28 2001: Breakpoint exception, CPU signal 23, PC = 0x6080A0C0
-----------------------------------------------------------------------------------
Possible software fault. Upon recurrence, please collect crashinfo, "show tech" and contact Cisco Technical Support.
-----------------------------------------------------------------------------------
-Traceback= 6080A0C0 60808014 607EDCE4 607EAF44 61B307D4 61B1DCBC 61B2725C 61B1C518 60759B24 607D8914 607D88F8
$0 : 00000000, AT : 632D0000, v0 : 636A0000, v1 : 636A0000
a0 : 6366A408, a1 : 0000FF00, a2 : 00000000, a3 : 62FF0000
t0 : 6080F7A0, t1 : 3400FF01, t2 : 6080F7A0, t3 : FFFF00FF
t4 : 6080F7A0, t5 : 36423734, t6 : 78312030, t7 : 32324431
s0 : 00000000, s1 : 00000000, s2 : 63010000, s3 : 634308E0
s4 : 2036B754, s5 : 202AEDB8, s6 : 63010000, s7 : 631E0000
t8 : 63B2FCF4, t9 : 00000002, k0 : 3040D001, k1 : 00000800
gp : 632D5328, sp : 202AEB68, s8 : 634F31FC, ra : 60808014
EPC : 6080A0C0, ErrorEPC : BFC018D4, SREG : 3400FF03
MDLO : 00000000, MDHI : 00000006, BadVaddr : 0B6719BC
Cause 00000024 (Code 0x9): Breakpoint exception
Cisco IOS software introduced the ability to support Tool Command Language (Tcl) version 7.0 commands as part of the Cisco IOS Interactive Voice Response feature in Cisco IOS Release 12.0(6)T and later. For further information, see http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/vapp_dev/tclivrpg.htm.
The Cisco IOS Scripting with Tcl feature provides the ability to run Tool Command Language (Tcl) version 8.3.4 commands and was introduced in Cisco IOS Release 12.3(2)T. For further information, see http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_2/gt_tcl.htm.
Workaround:
AAA Authorization
AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user will be granted access to a requested service only if the information in the user profile allows it.
For a complete description of authorization commands, see the following links:
Configuring Authorization
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schathor.htm
ACS 4.1 Command Authorization Sets
ACS 4.1 Configuring a Shell Command Authorization Set for a User Group
Role-Based CLI Access
The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.
The following link provides more information about the Role-Based CLI Access feature:
Role-Based CLI Access
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html
Device Access
Because this vulnerability is triggered by commands entered at the Tcl shell by a user who has already authenticated to the device, networking best practices such as access control lists (ACLs) and Control Plane Policing (CoPP), which restrict device access to certain IP addresses or subnetworks, may not be effective. Device access best practices provide some mitigation for these issues by allowing systemic control of authenticated and unauthenticated users. Device access best practices are documented in:
Infrastructure Protection on Cisco IOS Software-Based Platforms, Appendix B—Controlling Device Access http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6970/ps1838/prod_white_paper0900aecd804ac831.pdf
Improving Security on Cisco Routers
http://www.cisco.com/warp/public/707/21.html
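The CSCsk93113 workaround above (in both listings of the caveat) relies on controlling who can reach the Tcl shell rather than on network filtering. The following configuration is an added example, not taken from Cisco documentation or from the caveat, of both approaches on a Cisco IOS router: a Role-Based CLI view that gives an operator account monitoring and interface configuration access without the tclsh command, and TACACS+ command authorization for privilege level 15 so that tclsh can be denied centrally in an ACS shell command authorization set. The view name OPS, the usernames, the secrets and the server address 192.0.2.10 are placeholders.

```cisco
! Added example: restricting access to the Tcl shell on a Cisco IOS router.
! Names, secrets and the 192.0.2.10 server address are placeholders.
!
! Both Role-Based CLI views and command authorization require AAA.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! 1) Role-Based CLI view for operators. A view is an allow-list: only the
!    commands included below are accepted in it, so "tclsh" is rejected as
!    an invalid command and the (tcl) prompt is never reached.
!    Run "enable view" once from the root view before configuring views.
parser view OPS
 secret 0 OpsViewSecret
 commands exec include all show
 commands exec include ping
 commands exec include traceroute
 commands exec include configure terminal
 commands configure include all interface
!
! Bind the operator account to the view. Accounts that still log in with
! privilege level 15 are not restricted by this view.
username ops view OPS secret 0 OpsUserSecret
!
! 2) TACACS+ command authorization for full-privilege administrators, so
!    that "tclsh" can be denied centrally in the ACS command authorization
!    set. Every level-15 command is checked against the server; "local"
!    is consulted only when the server does not respond.
tacacs-server host 192.0.2.10 key 0 TacacsSharedKey
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
```

To verify the view, log in as ops (or enter enable view OPS from the root view), confirm the active view with show parser view, and enter tclsh: the parser should answer with "% Invalid input detected at '^' marker." For the TACACS+ path, add a deny entry for tclsh to the administrators' shell command authorization set on ACS and confirm that tclsh is refused while show commands still work. Keep the console on a method list that falls back to the local database so that a server outage does not lock administrators out; the local fallback is not a bypass, since it is used only when the server does not answer, not when it answers with a deny.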
Terminal Service
•CSCsj86725
This DDTS addresses the issue in the Cisco Product Security Incident Response Team (PSIRT) response to an issue discovered and reported to Cisco by Andy Davis from IRM, Inc. regarding a stack overflow in the Cisco IOS Line Printer Daemon (LPD) Protocol feature.
This security response is posted at:
http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml
Resolved Caveats—Cisco IOS Release 12.3(24)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(24). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(24). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCin75237
Symptoms: A line card gets wedged and needs a restart.
Conditions: This symptom is observed when a particular VIP is marked as wedged.
Workaround: There is no workaround.
•CSCsi13312
Symptoms: Authentication with Security Device Manager (SDM) 2.3.3 fails, preventing you from logging into the router through HTTPS, HTTP, SSH, Telnet, console, or any management application.
Conditions: This symptom is observed on a Cisco router that is "fresh out of the box" and affects the following routers:
Cisco 800 series
Cisco 1700 series
Cisco 1800 series
Cisco 2700 series
Cisco 2800 series
Cisco 3700 series
Cisco 3800 series
Workaround: For extensive information and a workaround, see the following Field Notice:
http://www.cisco.com/en/US/ts/fn/620/fn62758.html
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp:
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
IBM Connectivity
•CSCsi57284
Symptoms: A router that is running Cisco IOS may crash due to a software forced crash.
Conditions: This problem is specific to a DLSw configuration with SDLC-attached controllers. At the time of the crash, SDLC encapsulation was being removed from one SDLC interface.
Workaround: There is no workaround.
IP Routing Protocols
•CSCsi62559
Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority packets. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18) or a later release but may also affect other releases.
Workaround: Use ACLs to block invalid IP control packets from reaching the control plane.
•CSCsj39538
Symptoms: Router tracebacks and then crashes during deconfiguration (removal) of VRF. The following message was seen prior to crash:
-Process= "IP RIB Update", ipl= 3, pid= 68
-Traceback= 609538D8 60D1B8B4 612B2838 612588C8 61258CD4 6125E61C 6125ED04 6125EF30 61261CDC 6125A14C 61265A08 6126BE10 6097CF00 609547D8 609548B8
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x609538FC
Conditions: No specific conditions are known to cause this fault.
Workaround: There is no workaround.
Miscellaneous
•CSCdz55178
Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptoms such as memory corruption may occur.
Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a name that is longer than 32 characters, as in the following example, where the 33rd character of the name overflows the 32-character name variable:
cable qos profile 12 name g711@10ms_for_any_softswitch_Traa^C
                          00000000011111111112222222222333^
                          12345678901234567890123456789012|
                                                          PROBLEM (variable overflowed)
Workaround: Use a cable QoS profile name that is no longer than 32 characters.
•CSCek63384
Symptoms: A service policy is unexpectedly removed.
Conditions: This symptom is observed when you apply a service policy to a multilink interface and then the interface is reset.
Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, reconfigure the service policy after the multilink interface has been brought up.
•CSCsa92748
Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:
Last reset from watchdog reset
Conditions: This symptom is observed only on Cisco 7200 and Cisco 7301 series routers that are configured with an NPE-G1 Network Processing Engine.
Workaround: There is no workaround.
•CSCsc93516
Symptoms: A router may crash because of a bus error during ISAKMP negotiation.
Conditions: This symptom is observed on a Cisco 2611XM that runs Cisco IOS Release 12.3(17a) but is not platform-specific and may also affect Release 12.4.
Workaround: There is no workaround.
•CSCsd37629
Symptoms: Alignment errors and a bus error may occur on a Cisco router that has the ip inspect command enabled.
Conditions: This symptom can be observed where the Cisco IOS Firewall feature is handling a lot of RTSP traffic.
Workaround: There is no workaround.
•CSCse01124
Symptoms: The Hot Standby Router Protocol (HSRP) may not come up and may remain in the "Init" state, which can be verified in the output of the show standby brief command.
Conditions: This symptom is observed when dampening is configured on a native Gigabit Ethernet interface of a Cisco 7200 series or on a Fast Ethernet interface of a PA-FE-TX port adapter. Other types of interfaces are not affected.
Workaround: When the symptom has occurred, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Gigabit Ethernet and Fast Ethernet interfaces of all routers of the standby group.
To prevent the symptom from occurring, remove dampening from the Gigabit Ethernet and Fast Ethernet interfaces.
•CSCse40423
Symptoms: A tunnel interface cannot ping the other end of an IP tunnel.
Conditions: This symptom is observed when ATM is configured and when the tunnel interface is up.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface.
•CSCse49985
Symptoms: A software-forced crash may occur on a Cisco 3745, and an error message similar to the following may be displayed:
rcojx67-vgw01-3745 uptime is 1 day, 16 hours, 19 minutes
System returned to ROM by error - a Software forced crash, PC 0x60A87D38
at 15:59:36 GMT Tue May 16 2006
System restarted at 16:00:35 GMT Tue May 16 2006
System image file is "flash:c3745-ipvoice-mz.123-14.T3.bin"
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(14)T3 only when there are some memory allocation failures. The symptom may also affect Release 12.4.
Workaround: There is no workaround.
•CSCse55425
Symptoms: When configuring a serial interface or issuing show commands related to that serial interface, a router may incorrectly configure a different serial interface or may show output from a different serial interface in the router.
Conditions: The conditions under which the problem manifests itself are unknown and appear to be random. The symptom exists only when a channelized T3 card is in use and one of its T1s is being configured.
Workaround: A router reload clears the issue.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the HTTPS server with the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•CSCsh04686
Symptoms: With X.25 over TCP (XOT) enabled on a router or Catalyst switch, malformed traffic sent to TCP port 1998 causes the device to reload. This was first observed in Cisco IOS Release 12.2(31)SB2.
Conditions: The x25 routing command must be enabled on the device.
Workarounds: Use IPsec or other tunneling mechanisms to protect XOT traffic. Also, apply ACLs on affected devices so that XOT traffic is accepted only from trusted tunnel endpoints.
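As an added example that is not part of the caveat text, the access list below implements the second CSCsh04686 workaround: XOT sessions on TCP port 1998 are accepted only from the trusted peers 192.0.2.10 and 192.0.2.11, every other connection attempt to the XOT listener is dropped and logged, and all other traffic is left alone. The peer addresses and the interface names are assumptions; the list has to be applied inbound on every interface over which XOT traffic can reach the device.

```cisco
! Added example for the second CSCsh04686 workaround: only trusted XOT peers
! may open TCP/1998 sessions. Peer addresses and interface names are
! placeholders; apply the list on every interface XOT traffic can arrive on.
ip access-list extended XOT-INBOUND
 remark Trusted XOT peers (the far ends of the "x25 route ... xot" entries)
 permit tcp host 192.0.2.10 any eq 1998
 permit tcp host 192.0.2.11 any eq 1998
 remark Any other connection attempt to the XOT listener is dropped and logged
 deny   tcp any any eq 1998 log
 remark Leave transit and other management traffic alone
 permit ip any any
!
interface Serial0/0
 ip access-group XOT-INBOUND in
!
interface GigabitEthernet0/1
 ip access-group XOT-INBOUND in
 ! An ACL trusts the source address as presented; anti-spoofing on untrusted
 ! interfaces keeps a forged 192.0.2.10 from matching the permit lines.
 ip verify unicast reverse-path
```

Check hit counts with show access-lists XOT-INBOUND and watch for %SEC-6-IPACCESSLOGP messages generated by the deny line. Because the permit lines trust a source address, this list is a complement to, not a substitute for, the IPsec tunnel suggested in the first workaround. Where XOT is not needed at all, no x25 routing removes the listener entirely, which the Conditions line above identifies as the prerequisite for the reload.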
•CSCsh06117
Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, VBR-rt PVCs may be deactivated before VBR-nrt PVCs in an over-subscription scenario.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have oversubscribed ATM PVCs with a VBR-rt and VBR-nrt class of service.
Workaround: Configure all PVCs with an SCR of less than or equal to the line rate.
•CSCsh33430
Symptoms: A traceback may occur in an HSRP function and the platform may reload unexpectedly.
Conditions: This symptom is observed on a Cisco platform that has the HSRP Support for ICMP Redirects feature enabled and occurs when a learned HSRP group is removed after a resign message has been received.
Workaround: Disable the Support for ICMP Redirects feature by entering the no standby redirects global configuration command.
•CSCsh71993
Symptoms: SIP may not pass the correct calling number in the header when an e164 address is used. SIP should block the population of the calling party number if the user portion of the "From" header is not an e164 address, preventing the calling party number IE from being populated when ISDN sends the SETUP message. However, this does not occur, and SIP may pass an incorrect number.
Conditions: This symptom is observed on a Cisco gateway that sends Microsoft Communicator SIP calls to the PSTN.
Workaround: There is no workaround.
•CSCsh85531
Symptoms: Some E1 channels may remain down after you have reloaded a router.
Conditions: This symptom is observed on a Cisco 7200 series that functions as a PE router and that connects to a CE router. Both routers are connected through 1-port multichannel STM-1 (PA-MC-STM-1) port adapters, and the framing no-crc4 command is enabled on all interfaces of both routers.
Workaround: Enter the shutdown command followed by the no shutdown command on the SONET controller of the PA-MC-STM-1 at the PE side to enable all interfaces to come up.
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link: http://www.kb.cert.org/vuls/id/739224.
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall. Cisco response is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml.
•CSCsi42490
Symptoms: A Cisco 3700 series with an IMA interface may crash.
Conditions: This symptom is observed when the ATM IMA PVC had an AutoQoS configuration.
Workaround: Remove the AutoQoS configuration.
•CSCsi57927
Symptoms: A Cisco router running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 will show TCP connections hung in CLOSEWAIT state. These connections will not time out, and if enough accumulate, the router will become unresponsive and need to be reloaded.
Conditions: This symptom occurs on a Cisco router running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 when executing a copy source-url ftp: command and the FTP server fails to initiate the FTP layer (no banner) but does setup a TCP connection. This may occur when the FTP server is misconfigured or overloaded.
The CLI command will timeout, but will not close the TCP connection or clean up associated resources. The FTP server will eventually answer and timeout itself, and close the TCP connection, but the router will not clean up the TCP resources at this time either.
Workaround: Manually clear TCP resources using the clear tcp CLI command, referencing the show tcp brief command output.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•CSCsi98120
Symptoms: A router may crash because of a bus error. Spurious accesses may be observed.
Conditions: This symptom is observed on a Cisco 7200 series router that has an NPE-G1 and that runs Cisco IOS Release 12.3(22). The router is configured as a PE router and uses MQC hierarchical policies for some subinterfaces and the legacy rate-limit command for other subinterfaces.
Workaround: There is no workaround.
•CSCsj37071
Symptoms: All E1 interfaces on a PA-MC-E3 port adapter may flap continuously even after the traffic has been stopped.
Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 series router that have a PA-MC-E3 port adapter when you configure 16 or 128 channel groups on each time slot (that is, time slots 1-31) and then generate traffic at just above line rate through all the channel groups. Note that the symptom is not platform-specific.
Workaround: Stop the traffic and reset the E3 controller of the PA-MC-E3 port adapter.
•CSCsj94561
Symptoms: A router may crash because of a bus error when you perform an OIR of a PA-MC-8TE1+ port adapter or when you enter the hw-module slot slot-number stop command for the slot in which the PA-MC-8TE1+ port adapter is installed.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•CSCsh36203
Symptoms: A Cisco router crashes at p_dequeue.
Conditions: This symptom is observed when testing the echo cancelling feature on the Cisco 1700 platform, but it is not platform dependent.
Workaround: There is no workaround.
•CSCsh92986
Symptoms: Latency for RSH commands may increase when they flow through an FWSM module.
Conditions: This issue was observed on an FWSM that is running 2.2(1) software. The long delay was triggered by using either Cisco IOS Release 12.3(13a)BC1 or Release 12.3(17a)BC1 on the routers toward which those RSH commands were sent.
Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay issue.
Wide-Area Networking
•CSCee56988
Symptoms: High CPU usage occurs on a Cisco 7301, and the following error message and traceback are generated:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer:
0x0
-Process= "L2X SSS manager", ipl= 0, pid= 69
-Traceback= 0x606E43DC 0x60B9FAC8 0x60BA11C4 0x619F502C 0x619F4A2C
0x619F4D34 0x619F35C4 0x619F4FF4 0x619F6820 0x619F5ED8 0x619F6350 0x619CA1F4
0x619CA6C4 0x619D2524 0x619CABB4 0x619CAFA0
Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.4(5b) with PPTP/VPDN connections after, on a connected platform, rate limiting is changed to MQC policy-based limiting of the bandwidth. Note that the symptom may be release-independent.
Workaround: There is no workaround.
•CSCek41543
Symptoms: A Cisco 2811 router running Cisco IOS Release 12.4(7a) may have a memory leak in the ISDN process, as seen in the output of the show process memory command. The leak rate appears to be about 1.20 MB/hour.
Conditions: This symptom has been observed with a BRI-U interface that is UP/UP (spoofing).
Workaround: Administratively shut down the BRI interface.
•CSCsg03793
Symptoms: A router may crash while parsing "x28 profile spaced." This occurs when x28 mode is configured.
The crashinfo file will show:
"%SYS-2-FREEFREE: Attempted to free unassigned memory at [...]"
Conditions: This symptom is observed on a Cisco AS5350 that is running Cisco IOS Release 12.3(20) and occurs under heavy traffic.
Workaround: There is no workaround.
•CSCsh82513
Symptoms: The output of the show isdn active command may show disconnected calls.
Conditions: This symptom is observed on a Cisco router when analog modem calls are made after a normal ISDN digital call has been made.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(23)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(23). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(23). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeb20967
Symptoms: A Route Switch Processor (RSP) may reload unexpectedly when a bus error with an invalid memory address occurs while packets are placed into a hold queue.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S, 12.1(14)E4, or 12.2 S when the following sequence of events occurs:
1. A packet is switched via Cisco Express Forwarding (CEF).
2. The egress interface has queueing/shaping configured.
3. The egress interface is congested, causing the packet to be placed into the hold queue.
Workaround: There is no workaround.
•CSCin75237
Symptoms: A line card gets wedged and needs a restart.
Conditions: This symptom is observed when a particular VIP is marked as wedged.
Workaround: There is no workaround.
•CSCsg69244
Symptoms: After you have performed a microcode reload on a router, pings may no longer have a 100 percent success rate.
Conditions: This symptom is observed on a Cisco router that has an RSP after you have entered the microcode reload command.
Workaround: There is no workaround.
•CSCsi13312
Symptoms: Authentication with Security Device Manager (SDM) 2.3.3 fails, preventing you from logging into the router through HTTPS, HTTP, SSH, Telnet, console, or any management application.
Conditions: This symptom is observed on a Cisco router that is "fresh out of the box" and affects the following routers:
Cisco 800 series
Cisco 1700 series
Cisco 1800 series
Cisco 2700 series
Cisco 2800 series
Cisco 3700 series
Cisco 3800 series
Workaround: For extensive information and a workaround, see the following Field Notice:
http://www.cisco.com/en/US/ts/fn/620/fn62758.html
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp:
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
IP Routing Protocols
•CSCsh80678
Symptoms: New or flapping IGP routes may be injected into BGP even though no corresponding network statements exist.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(22) or a later release when the auto-summary command is enabled for BGP.
Workaround: Enter the no auto-summary command.
ISO CLNS
•CSCsg28497
Symptoms: An IS-IS adjacency may flap when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco router that is configured for IS-IS Multi-Topology, IS-IS NSF Awareness, and IPv4 and IPv6 unicast.
Workaround: There is no workaround.
Miscellaneous
•CSCds25257
Symptoms: A gatekeeper rejects new registration requests from a Cisco Unified CallManager (CUCM) or other H.323 endpoints with Registration Rejection (RRJ) reason of duplicateAlias. Attempting to clear this stale registration fails and a "No such local endpoint is registered, clear failed." error message is generated.
Conditions: This symptom is observed in the following topology:
CUCM H.225 trunks register to a gatekeeper (GK) cluster. Gatekeeper 1 (GK1) and gatekeeper 2 (GK2) are members of the GK cluster. The CUCM registers first to GK1, then fails over to GK2. This registration at GK2 sends an alternate registration to GK1. However, because of network issues, the unregistered indication does not reach GK1.
When the H.225 trunk attempts to register with GK1, it is rejected because the alternate registration is still present, and there is no way to clear it.
10.9.20.3 34273 10.9.20.3 32853 SJC-LMPVA-GK-1 H323-GW A
ENDPOINT-ID: 450FC24400000000 VERSION: 5 AGE: 1618993 secs
SupportsAnnexE: FALSE
g_supp_prots: 0x00000050
H323-ID: SJC-LMPVA-Trunk_4
Workaround: Reset the gatekeeper by entering the shutdown command followed by the no shutdown command, or reboot the affected GK.
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
•CSCek60527
Symptoms: An AAA server does not authenticate.
Conditions: This symptom is observed on a Cisco platform that functions as an AAA server and that runs Cisco IOS Release 12.3(13) when you dial up using Microsoft callback through an asynchronous line. Dialup through an ISDN modem works fine.
Workaround: There is no workaround.
•CSCek66164
Symptoms: A router may hang briefly and then may crash when you enter any command of the following form:
show ... | redirect rcp:....
Conditions: This symptom is observed when Remote Copy Protocol (RCP) is used as the transfer protocol.
Workaround: Use a transfer protocol other than RCP such as TFTP or FTP.
Further Problem Description: RCP requires delivery of the total file size to the remote host before it delivers the file itself. The output of a show command is not an actual file on the file system nor is it completely accumulated before the transmission occurs, so the total file size is simply not available in a manner that is compatible with RCP requirements.
•CSCsa92748
Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:
Last reset from watchdog reset
Conditions: This symptom is observed only on Cisco 7200 and Cisco 7301 series routers that are configured with an NPE-G1 Network Processing Engine.
Workaround: There is no workaround.
•CSCsb12598
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsb89005
Symptoms: A Cisco 10000 router that is running Cisco IOS Release 12.3(7)XI6 may reload because of a software forced crash after a c10k_ttcm_write: Invalid Address error.
Conditions: This symptom may occur if a static route of the form:
ip route vrf name ip address 255.255.255.255 interface
(where interface is not a point-to-point interface)
is configured.
Workaround: There is no workaround.
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCse40423
Symptoms: A tunnel interface cannot ping the other end of an IP tunnel.
Conditions: This symptom is observed when ATM is configured and when the tunnel interface is up.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface.
•CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
•CSCsf08998
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg10134
Symptoms: A router crashes when PPPoEoA sessions are torn down.
Conditions: This symptom is observed when the maximum number of class-map instances is configured on the router.
Workaround: There is no workaround.
•CSCsg40482
Symptoms: ISDN L2 may remain in the "TEI_ASSIGNED" state.
Conditions: This symptom is observed on a Cisco router after you have performed a hard OIR of a PA-MC-4T1 port adapter.
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred, reload the router.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the HTTPS server by entering the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg83834
Symptoms: A router may crash and generate an "%ALIGN-1-FATAL: Illegal access to a low address" error message.
Conditions: This symptom is observed on a Cisco router that is configured for IPv6, IPsec, and multicast.
Workaround: There is no workaround.
Further Problem Description: The fix for caveat CSCsg83834 also fixes caveat CSCsg94837. For more information about caveat CSCsg94837, see http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsg94837.
•CSCsh05979
Symptoms: A VIP may reset because of a bus error when you remove a service policy from an ATM subinterface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(20) but may also affect Release 12.4 and Release 12.4T. The symptom appears to be platform-independent.
Workaround: There is no workaround.
•CSCsh06117
Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, VBR-rt PVCs may be deactivated before VBR-nrt PVCs in an over-subscription scenario.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have oversubscribed ATM PVCs with a VBR-rt and VBR-nrt class of service.
Workaround: Configure all PVCs with an SCR of less than or equal to the line rate.
•CSCsh33430
Symptoms: A traceback may occur in an HSRP function and the platform may reload unexpectedly.
Conditions: This symptom is observed on a Cisco platform that has the HSRP Support for ICMP Redirects feature enabled and occurs when a learned HSRP group is removed after a resign message has been received.
Workaround: Disable the Support for ICMP Redirects feature by entering the no standby redirects global configuration command.
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
TCP/IP Host-Mode Services
•CSCek40455
Symptoms: The Border Gateway Protocol (BGP) session is stuck in FINWAIT1 connection state.
Conditions: This symptom has been observed with a BGP session when changing the BGP password.
Workaround: Use the clear tcp tcb address command to delete the stuck Transmission Control Block (TCB).
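The workaround above, like the one for CSCsi57927 (connections hung in CLOSEWAIT after a failed copy to an FTP server), starts from the show tcp brief output and clears the stuck TCBs by hand. As an added example that is not part of these release notes, the following Python snippet parses a constructed show tcp brief sample, picks out the TCBs in the stuck states those two caveats describe, and builds the matching clear tcp tcb commands; the sample rows, addresses and column layout are assumptions, not output captured from a real router.

```python
import re
from typing import Dict, List, Set

# Constructed sample of "show tcp brief" output (not captured from a router).
# Columns follow the usual IOS layout: TCB handle, local address.port,
# foreign address.port, and the TCP connection state.
SAMPLE_SHOW_TCP_BRIEF = """\
TCB       Local Address           Foreign Address        (state)
6523A4FC  192.0.2.1.23            192.0.2.10.1025        ESTAB
651E0B20  192.0.2.1.49152         192.0.2.50.21          CLOSEWAIT
651D9C88  192.0.2.1.49153         192.0.2.50.21          CLOSEWAIT
6520F3A4  192.0.2.1.179           192.0.2.2.40001        FINWAIT1
"""

# One data row: hex TCB handle, two address.port columns, then the state.
# The header line does not match because "TCB" is not a hex handle.
ROW_RE = re.compile(
    r"^(?P<tcb>[0-9A-Fa-f]{6,8})\s+"
    r"(?P<local>\S+)\s+"
    r"(?P<foreign>\S+)\s+"
    r"(?P<state>[A-Z0-9_]+)\s*$"
)

# States in which CSCsi57927 (CLOSEWAIT) and CSCek40455 (FINWAIT1)
# describe TCBs that never time out on their own.
STUCK_STATES: Set[str] = {"CLOSEWAIT", "FINWAIT1"}


def parse_show_tcp_brief(output: str) -> List[Dict[str, str]]:
    """Turn show tcp brief output into a list of row dicts.

    Header, blank and otherwise unrecognised lines are skipped rather
    than raising, so partial or pasted output still parses.
    """
    rows: List[Dict[str, str]] = []
    for line in output.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def stuck_tcbs(output: str, states: Set[str] = STUCK_STATES) -> List[Dict[str, str]]:
    """Return only the rows whose state is one of the stuck states."""
    return [row for row in parse_show_tcp_brief(output) if row["state"] in states]


def clear_commands(output: str, states: Set[str] = STUCK_STATES) -> List[str]:
    """Build one 'clear tcp tcb <handle>' command per stuck TCB, in table order."""
    return [f"clear tcp tcb {row['tcb']}" for row in stuck_tcbs(output, states)]


if __name__ == "__main__":
    for row in stuck_tcbs(SAMPLE_SHOW_TCP_BRIEF):
        print(f"{row['tcb']}  {row['local']} -> {row['foreign']}  {row['state']}")
    for command in clear_commands(SAMPLE_SHOW_TCP_BRIEF):
        print(command)
```

Review the listed foreign addresses before clearing: the FTP-server rows from CSCsi57927 show the server's port (21 in the constructed sample), which distinguishes them from a BGP session on port 179 that may simply be closing normally.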
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Wide-Area Networking
•CSCee13617
Symptoms: A Cisco router that has an ISDN interface as a backup for an ADSL port may exhibit spurious memory accesses and a high CPU utilization during interrupts.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(13)ZH2, Release 12.3, or Release 12.3T when an L2TP tunnel is up, when the BRI-U interface is disconnected and reconnected, and when the router attempts to re-enable the tunnel.
Workaround: There is no workaround.
•CSCek60025
Symptoms: A ping may be dropped in a PPP callback scenario.
Conditions: This symptom is observed on a Cisco router when Multilink PPP (MLP) and the dialer load-threshold command are enabled.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(22a)
Cisco IOS Release 12.3(22a) is a rebuild release for Cisco IOS Release 12.3(22). The caveats in this section are resolved in Cisco IOS Release 12.3(22a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp:
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
Miscellaneous
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
•CSCej20505
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsf08998
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the HTTPS server with the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) can be exploited to allow a malicious user to create extra multicast states on the core routers or to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPNs) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width Unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width Unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
TCP/IP Host-Mode Services
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Resolved Caveats—Cisco IOS Release 12.3(22)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(22). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(22). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash are seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.
Workaround: Disable the HTTP server by using the no ip http server command.
•CSCek52249
Symptoms: A Cisco router crashes when the default dest-ip command is entered in IPSLA jitter, UDP Echo and TCP Connect operations.
Conditions: The issue is seen when the default dest-ip command is entered.
Workaround: There is no workaround.
•CSCsh02375
Symptoms: On a Cisco 7500 RSP console, the output of the show controller cbus command does not list details for interfaces other than serial interfaces.
Conditions: This symptom is observed when the show controller cbus command is entered on a Cisco 7500 RSP console.
Workaround: There is no workaround.
IBM Connectivity
•CSCsg65485
Symptoms: A Cisco 7206VXR with an NPE-G1 that is running Cisco IOS Release 12.3(20.12) and that is configured for data-link switching (DLSw) reloads unexpectedly.
Workaround: There is no workaround.
Interfaces and Bridging
•CSCek43732
Symptoms: All packets are dropped from a 1-port OC-3/STM-1 POS port adapter (PA-POS-1OC3) or 2-port OC-3/STM-1 POS port adapter (PA-POS-2OC3) that is configured for CBWFQ.
Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G1. However, the symptom may be platform-independent.
Workaround: There is no workaround.
•CSCsh16540
Symptoms: A router crashes when the encapsulation dot1Q vlan-id command is enabled on an MPLS router.
Conditions: The crash is observed on a Cisco 7200 series router that runs Cisco IOS Release 12.4(12.7).
Workaround: There is no workaround.
IP Routing Protocols
•CSCei29944
Symptoms: A CE router that has L2TP tunnels in an MPLS VPN environment with about 1000 VRFs may crash and generate the following error message:
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x50766038
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(32)S and that functions as a CE router when BGP neighbors are unconfigured via the no neighbor ip-address command while the show ip bgp summary command is entered from the Aux console. The symptom is not release-specific and may also affect other releases.
Workaround: There is no workaround.
•CSCsg29248
Symptoms: In a rare corner case, a stale LSA may be created after the summary-address not-advertise command is entered. The problem became visible after the fix for CSCsf27810.
Conditions: This symptom occurs when a self-originated external LSA with the same address and more specific mask exists in OSPF database.
Workaround: Clear the OSPF process.
•CSCsg52336
Symptoms: A Cisco ESR10K with a PRE-1 that runs the c10k-k4p10-mz.120-25.SX6f image and that functions as a PE router with multiple VRFs using OSPF, together with other VRFs that are created but not used or assigned, may crash.
Conditions: The crash occurs when an unused and unassigned VRF is removed via the no ip vrf vpn-name configuration command.
Workaround: There is no workaround.
•CSCsh19852
Symptoms: When the OSPF interface goes down, some FSM events do not happen (for example, the old network LSA is not flushed).
Conditions: This symptom was introduced in CSCek63900.
Workaround: There is no workaround.
Miscellaneous
•CSCdv43124
Symptoms: A Cisco VIP4-80 with a PA-MC-STM-1SMI crashes when QoS is deployed and traffic is generated. Replacing the Cisco VIP4-80 does not fix this issue.
Conditions: This symptom has been observed on a Cisco VIP4-80.
Workaround: A reload of the Cisco VIP4-80 is required to reconnect to the CE.
•CSCek55511
Symptoms: A Cisco AS5400HPX that is running Cisco IOS Release 12.3(11)T7 may crash with IO Memory corruption.
Conditions: The crash may occur when polling for ccrpCPVGEntry, and resource pooling is enabled on the Gateway.
Workaround: Disable SNMP polling for ccrpCPVGEntry.
•CSCek56991
Symptoms: A Cisco 7200 series may send a corrupted packet via a 2-port T3 serial, enhanced port adapter (PA-2T3+). The rate of corrupted packets is very low.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2SB, Release 12.4T, or Release 12.4(4)XD3 and occurs when the router functions under high stress conditions such as a high CPU load and an oversubscribed interface of the PA-2T3+.
Workaround: Avoid a high CPU load and oversubscription of the interface of the PA-2T3+.
•CSCek57655
Symptoms: A modem autoconfiguration fails.
Conditions: This symptom is observed in an asynchronous call.
Workaround: There is no workaround.
•CSCsb12598
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsb40304
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of this vulnerability may lead to a sustained Denial-of-Service (DoS); however, the vulnerability is not known to compromise either the confidentiality or integrity of the data or the device. This vulnerability is not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Service Module (FWSM)
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
•CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsf27178
Symptoms: Percentage based traffic shaping is not working.
Conditions: This symptom is observed on a Cisco router that is configured with percentage-based traffic shaping in an output policy.
Workaround: There is no workaround.
•CSCsg11718
Symptoms: A VRF may become stuck in the "Delete Pending" state.
Conditions: This symptom is observed on a Cisco router that is configured for MPLS VPN and Half-Duplex VRF (HDVRF) when you delete the VRF and then associate it with an interface before it is completely deleted.
Workaround: To ensure that the VRF is properly deleted, enter the shutdown interface configuration command on the interface with which the VRF is associated or remove the interface with which the VRF is associated.
•CSCsg16908
This bug documents the deprecation and removal of the Cisco IOS FTP Server feature.
•CSCsg21394
Symptoms: A router may reload unexpectedly when it receives malformed DNS response packets.
Conditions: This symptom is observed when a name server is configured and domain lookup is enabled.
Workaround: Configure no ip domain lookup to stop the router from using DNS to resolve hostnames.
•CSCsg42246
Symptoms: A Cisco router may exhibit high CPU in the "IP Background" process and then spontaneously reload.
Conditions: RIP is configured. A RIP host route is advertised from another router, and the same host route is assigned to an interface on this router, for example, on a PPP link with ip address negotiated configured.
Workaround: Use a route-map to block the advertised route.
•CSCsg42519
Symptoms: A router may reload because of a TLB exception (bus error) or an address error when channelized interfaces are configured.
Conditions: This behavior is observed on a Cisco router that is running Cisco IOS Release 12.3(20) when channelized interface is configured as follows:
Router(config)# interface Serialx/y:z
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# frame-relay ip rtp compression-connections number
Workaround: Shut down the interface and temporarily remove the passive attribute from the header compression command before reducing the number of compression connections, as follows:
Router(config)# interface Serialx/y:z
Router(config-if)# shutdown
Router(config-if)# frame-relay ip rtp header-compression
Router(config-if)# frame-relay ip rtp compression-connections number
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# no shutdown
Further Problem Description: The issue was not reported when using Cisco IOS Release 12.3T or Release 12.4.
•CSCsg70932
Symptoms: A Cisco 7200 series that is configured for QoS may crash when traffic is sent.
Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G1 or NPE-G2 and that has a Port Adapter Jacket Card in which a 2-port OC-3/STM-1 POS port adapter (PA-POS-2OC3) is installed that has an interface with a service policy.
Workaround: There is no workaround.
•CSCsg76519
Symptoms: RSP may crash when clear counters command is given in Cisco IOS Release 12.4.
Conditions: RSP may crash when the clear counters command is given after termination of voice calls with pa-vxc-2TE1 PAs.
Workaround: There is no workaround.
•CSCsh05979
Symptoms: A Cisco 7500 running Cisco IOS Release 12.3(20) may experience a reset of a VIP due to a bus error when a service policy is removed from an ATM subinterface.
Conditions: The service policy is removed from the ATM subinterface.
Workaround: There is no workaround.
•CSCsh22978
Symptoms: The primary RSP may crash when you perform a soft OIR on the standby RSP.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dMLP and RPR+.
Workaround: There is no workaround.
Wide-Area Networking
•CSCek62099
Symptoms: When Multilink PPP (MLP) is enabled for a PPP over Ethernet (PPPoE) session, outbound packets are incorrectly sent without PPPoE headers. This situation causes packets to be dropped.
Conditions: This symptom is observed in Cisco IOS Release 12.4 on all software-forwarding routers and affects only packets that are not multilink-encapsulated (when the bundle has only a single link).
Workaround: Enter the ppp multilink fragment delay interface configuration command to force multilink headers to be applied to all outbound packets.
Alternate Workaround: Disable MLP.
•CSCsf96318
Symptoms: QSIG (ISO) call back (ring back) fails between a Cisco 3745 router and a Cisco 1760 router.
Conditions: The call back fails.
Workaround: There is no workaround.
•CSCsg32183
Symptoms: Non-Facility Associated Signaling (NFAS) on back-to-back routers fails. The primary D-channel state is OUT OF SERVICE.
Conditions: This symptom happens with Cisco IOS Release 12.3(20.14) when the Primary D-channel is brought Down using the isdn test l2 disconnect command.
Workaround: There is no workaround.
•CSCsg38412
Symptoms: When a Multilink PPP (MLP) session is established over an ISDN link, IPCP fails to negotiate. When the debug ppp negotiation command is enabled, you can see that IPCP packets from the peer are not processed. The output of the show interface command for the ISDN D-channel interface shows that the input queue limit is 0.
Conditions: This symptom is observed when the ISDN BRI or PRI interface is not configured as part of a dialer rotary group or dialer pool and when RADIUS is used to assign the multilink bundle to a VRF.
Workaround: Enter the dialer rotary-group command to assign the ISDN interface to a dialer.
•CSCsg40885
Symptoms: A router crashes during Online Insertion and Removal (OIR) on MLP-PPP on a Cisco 7200 platform.
Conditions: This symptom is observed on a Cisco 7200 router that is configured for MLP-PPP.
Workaround: Shut the multilink interface before doing an OIR.
•CSCsg50202
Symptoms: When a BRI interface flaps rapidly, ISDN Layer 1 detects link down, but Layers 2 and 3 keep their active state during the transition. This may cause the BRI interface to become stuck, after which subsequent incoming and outgoing calls are rejected.
Conditions: The symptom may be observed when cable is pulled out and put back rapidly.
Workaround: Issue the clear interface command or the shutdown command followed by the no shutdown command on the affected BRI interface.
•CSCsg56148
Symptoms: Inbound GSM V.110 calls fail to train at a speed of 14400 bps.
Conditions: This symptom is observed on a Cisco AS5400 when the Bearer Capability (BC) does not match the Lower Layer Compatibility (LLC) in the ISDN setup message. The BC should take precedence over the LLC.
Workaround: If this is an option, configure the ISDN switch to send the correct BC and LLC. If this is not an option, there is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(21b)
Cisco IOS Release 12.3(21b) is a rebuild release for Cisco IOS Release 12.3(21). The caveats in this section are resolved in Cisco IOS Release 12.3(21b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash are seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.
Workaround: Disable the HTTP server by using the no ip http server command.
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp:
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
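The message format described above lends itself to an automated first-pass triage on collected syslog: find every %DATACORRUPTION-1-DATAINCONSISTENCY occurrence, keep the traceback that follows it, and pull out the neighbouring error-level messages the recommended action asks you to note. The following is an added example, not Cisco code; the IOS syslog layout it parses (timestamp, then %FACILITY-SEVERITY-MNEMONIC, then text, with an optional -Traceback= line) is documented IOS behaviour, while the log excerpt and the traceback addresses in it are constructed sample data.

```python
"""Syslog triage for the %DATACORRUPTION-1-DATAINCONSISTENCY message.

Added example, not Cisco code. Parses IOS-style syslog lines of the form
'<timestamp>: %FACILITY-SEVERITY-MNEMONIC: text', attaches a following
'-Traceback=' line to the message it belongs to, and returns the events a
service request should be opened on plus the error-level context around them.
The sample log excerpt and traceback addresses below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List

MSG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?(?: [A-Z]{3,4})?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
# IOS prints a traceback as a separate line: "-Traceback= 0x... 0x... ..."
TRACEBACK_RE = re.compile(r"^-Traceback=\s*(?P<addrs>(?:0x[0-9A-Fa-f]+\s*)+)$")


@dataclass
class SyslogEvent:
    timestamp: str
    facility: str
    severity: int            # 0 (emergency) .. 7 (debug), as in the message header
    mnemonic: str
    text: str
    traceback: List[str] = field(default_factory=list)


def parse_syslog(log: str) -> List[SyslogEvent]:
    """Turn raw log text into events; traceback lines attach to the preceding event."""
    events: List[SyslogEvent] = []
    for line in log.splitlines():
        m = MSG_RE.match(line)
        if m:
            events.append(SyslogEvent(m["ts"], m["facility"], int(m["severity"]),
                                      m["mnemonic"], m["text"]))
            continue
        tb = TRACEBACK_RE.match(line)
        if tb and events:
            events[-1].traceback.extend(tb["addrs"].split())
    return events


def find_data_inconsistency(events: List[SyslogEvent]) -> List[SyslogEvent]:
    """The events that warrant a service request per the recommended action above."""
    return [e for e in events
            if e.facility == "DATACORRUPTION" and e.mnemonic == "DATAINCONSISTENCY"]


def context_for(event: SyslogEvent, events: List[SyslogEvent],
                max_severity: int = 3) -> List[SyslogEvent]:
    """Other messages at error severity or worse (0..3), to hand to support with the event."""
    return [e for e in events if e is not event and e.severity <= max_severity]


# Constructed sample excerpt modelled on the message format shown in the caveat.
SAMPLE_LOG = """\
May 17 10:01:25.102 UTC: %SYS-5-CONFIG_I: Configured from console by console
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
-Traceback= 0x60A1B2C4 0x60A1B3D8 0x605F1E20
May 17 10:03:12.440 UTC: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
"""

if __name__ == "__main__":
    parsed = parse_syslog(SAMPLE_LOG)
    for hit in find_data_inconsistency(parsed):
        print(hit.timestamp, hit.text, hit.traceback)
        print("  context:", [(e.facility, e.mnemonic) for e in context_for(hit, parsed)])
```

Run against a saved show logging capture, the script lists each hit with its traceback so the addresses can be quoted in the service request, and the severity filter surfaces the accompanying errors the caveat says to note rather than the routine informational messages around them.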
Miscellaneous
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF (FE, 10.10.10.2) ------- (FE, 10.10.10.1) Router
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
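The ACL in the configuration above is supposed to deny the Telnet session that the output shows being opened. As an added example, not Cisco code, the following evaluates the two access-list entries the way IOS documents extended ACL semantics (top-down first match, with an implicit deny at the end), so that the expected verdict for each packet can be stated and compared with the behaviour the caveat reports. The packet samples and the port-name table are constructed; only the eq port operator is implemented.

```python
"""First-match evaluation of a Cisco-style extended access list.

Added example, not Cisco code. Parses the two ACEs from the caveat above and
evaluates constructed packets against them with the documented extended-ACL
rules: entries are tested top-down, the first match decides, and an implicit
deny follows the last entry.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of IOS well-known port keywords (IANA assignments); extend as needed.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80, "snmp": 161}


@dataclass
class Ace:
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol
    src: Tuple[int, int]     # (network, mask) as ints; mask 0 means "any"
    sport: Optional[int]
    dst: Tuple[int, int]
    dport: Optional[int]


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    sport: Optional[int] = None


def _parse_addr(t: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' at t[i]; return (spec, next index)."""
    if t[i] == "any":
        return (0, 0), i + 1
    if t[i] == "host":
        return (int(ipaddress.IPv4Address(t[i + 1])), 0xFFFFFFFF), i + 2
    addr = int(ipaddress.IPv4Address(t[i]))
    wildcard = int(ipaddress.IPv4Address(t[i + 1]))
    mask = ~wildcard & 0xFFFFFFFF        # IOS wildcard bits are the inverse of mask bits
    return (addr & mask, mask), i + 2


def _parse_port(t: List[str], i: int) -> Tuple[Optional[int], int]:
    """Parse an optional 'eq <port>' operator (gt, lt, range are out of scope here)."""
    if i < len(t) and t[i] == "eq":
        name = t[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_acl(lines: List[str]) -> List[Ace]:
    """Parse 'access-list N action proto src [eq p] dst [eq p]' lines, numbered 10, 20, ..."""
    aces = []
    for n, line in enumerate(lines, start=1):
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            raise ValueError(f"not an extended ACE: {line!r}")
        src, i = _parse_addr(t, 4)
        sport, i = _parse_port(t, i)
        dst, i = _parse_addr(t, i)
        dport, i = _parse_port(t, i)
        aces.append(Ace(n * 10, t[2], t[3], src, sport, dst, dport))
    return aces


def _addr_match(spec: Tuple[int, int], addr: str) -> bool:
    net, mask = spec
    return (int(ipaddress.IPv4Address(addr)) & mask) == net


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, sequence number of the matching entry); implicit deny reports None."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not _addr_match(ace.src, pkt.src) or not _addr_match(ace.dst, pkt.dst):
            continue
        if ace.sport is not None and ace.sport != pkt.sport:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, ace.seq
    return "deny", None


# The two entries exactly as they appear in the caveat's running configuration.
ACL_101 = parse_acl([
    "access-list 101 deny tcp any host 10.10.10.2 eq telnet",
    "access-list 101 permit ip any any",
])

# Constructed packets: the Telnet attempt from the caveat plus two controls.
TELNET_TO_RPM = Packet("tcp", "10.10.10.1", "10.10.10.2", dport=23, sport=40000)
SSH_TO_RPM = Packet("tcp", "10.10.10.1", "10.10.10.2", dport=22, sport=40001)
TELNET_ELSEWHERE = Packet("tcp", "10.10.10.1", "10.10.10.6", dport=23, sport=40002)

if __name__ == "__main__":
    for label, pkt in [("telnet to RPM-XF", TELNET_TO_RPM), ("ssh to RPM-XF", SSH_TO_RPM),
                       ("telnet elsewhere", TELNET_ELSEWHERE)]:
        print(f"{label}: {evaluate(ACL_101, pkt)}")
```

For the Telnet packet from 10.10.10.1 to 10.10.10.2 the evaluator returns a deny on sequence 10, which is what the configuration intends; the "Open" in the caveat output is therefore the defect, not a misreading of the ACL, and the hit counter on sequence 20 (96 matches, none on 10) is the same evidence seen from the router side.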
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of this vulnerability may lead to a sustained Denial-of-Service (DoS); however, the vulnerability is not known to compromise either the confidentiality or integrity of the data or the device. This vulnerability is not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Service Module (FWSM), documented as Cisco bug ID CSCsi97695
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
•CSCsf08998
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the HTTPS server with the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) can be exploited to allow a malicious user to create extra multicast states on the core routers or to receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPNs) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
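The defensive counterpart to the evasion described above is to fold compatibility forms of characters back to their canonical form before a signature is compared, and to treat the presence of such forms in a protocol that normally carries plain ASCII as a signal in its own right. The following is an added illustration in Python and is not code from Cisco or from the US-CERT note; the sample tokens are constructed, and NFKC normalization is used here because it maps full-width Latin letters and half-width katakana to their canonical code points.

```python
import unicodedata


def normalize_for_inspection(text):
    """Fold compatibility variants (full-width Latin, half-width katakana, ...) to
    their canonical form so that a signature written in ASCII also matches them.
    NFKC is the Unicode compatibility composition; it leaves plain ASCII unchanged."""
    return unicodedata.normalize("NFKC", text)


def signature_matches(payload, signature):
    """Case-insensitive substring match performed on the normalized payload."""
    folded = normalize_for_inspection(payload).casefold()
    return normalize_for_inspection(signature).casefold() in folded


def has_compatibility_chars(text):
    """True when any character changes under NFKC, i.e. the text carries
    full-width, half-width or other compatibility forms. Useful as an alert
    condition for protocols whose request lines are expected to be ASCII."""
    return any(unicodedata.normalize("NFKC", ch) != ch for ch in text)


# Constructed samples (not taken from the release notes).
ASCII_TOKEN = "select"
FULLWIDTH_TOKEN = "\uff33\uff25\uff2c\uff25\uff23\uff34"  # the same word in full-width letters
HALFWIDTH_KA = "\uff76"  # half-width katakana KA; NFKC maps it to U+30AB


if __name__ == "__main__":
    # A naive byte-for-byte comparison misses the full-width form; the
    # normalized comparison catches it.
    print("naive:", ASCII_TOKEN in FULLWIDTH_TOKEN)
    print("normalized:", signature_matches(FULLWIDTH_TOKEN, ASCII_TOKEN))
    print("flagged:", has_compatibility_chars(FULLWIDTH_TOKEN))
```

The normalization must be applied to the payload before any decoding step that the inspected protocol performs (URL decoding, for example), and `has_compatibility_chars` should be scoped to fields where non-ASCII is not legitimately expected, otherwise it will alert on ordinary international content.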
TCP/IP Host-Mode Services
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Resolved Caveats—Cisco IOS Release 12.3(21a)
Cisco IOS Release 12.3(21a) is a rebuild release for Cisco IOS Release 12.3(21). The caveats in this section are resolved in Cisco IOS Release 12.3(21a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsg70355
Symptoms: Starting in calendar year 2007, daylight savings summer-time rules may cause Cisco IOS to generate timestamps (such as in syslog messages) that are off by one hour.
Conditions: The Cisco IOS configuration command:
clock summer-time zone recurring
uses United States standards for daylight savings time rules by default. The Energy Policy Act of 2005 (H.R.6.ENR), Section 110 changes the start date from the first Sunday of April to the second Sunday of March. It changes the end date from the last Sunday of October to the first Sunday of November.
Workaround: A workaround is possible by using the clock summer-time configuration command to manually configure the proper start date and end date for daylight savings time. After the summer-time period for calendar year 2006 is over, one can for example configure:
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
(This example is for the US/Pacific time zone.)
Not A Workaround: Using NTP is not a workaround to this problem. NTP does not carry any information about timezones or summertime.
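For anyone reconstructing an event timeline from logs that a router stamped under the old default rule, the practical question is which periods of the year are affected and by how much. The following is an added example in Python, not Cisco code, that derives both rule sets from the definitions given above (old: first Sunday of April to last Sunday of October; new: second Sunday of March to first Sunday of November), computes the two windows in which a stale-rule router stamps log lines one hour behind true local time, and corrects an IOS-style syslog timestamp accordingly. The syslog line is constructed, the year is an assumed input because IOS timestamps do not carry one, and the transition hour is taken as 02:00 local under both rules.

```python
import datetime as dt
import re

SUNDAY = 6  # datetime weekday numbering: Monday=0 ... Sunday=6


def nth_weekday(year, month, weekday, n):
    """Date of the n-th given weekday in a month; n=-1 selects the last one."""
    if n > 0:
        first = dt.date(year, month, 1)
        offset = (weekday - first.weekday()) % 7
        return first + dt.timedelta(days=offset + 7 * (n - 1))
    next_month = dt.date(year + 1, 1, 1) if month == 12 else dt.date(year, month + 1, 1)
    last = next_month - dt.timedelta(days=1)
    return last - dt.timedelta(days=(last.weekday() - weekday) % 7)


def old_us_rules(year):
    """Pre-2007 default of 'clock summer-time zone recurring':
    first Sunday of April to last Sunday of October."""
    return nth_weekday(year, 4, SUNDAY, 1), nth_weekday(year, 10, SUNDAY, -1)


def new_us_rules(year):
    """Energy Policy Act of 2005 rules: second Sunday of March to first Sunday of November."""
    return nth_weekday(year, 3, SUNDAY, 2), nth_weekday(year, 11, SUNDAY, 1)


def skewed_windows(year):
    """Intervals, expressed in the clock a stale-rule router displays, during which
    its timestamps read one hour behind true local time. Both rules switch at 02:00:
    - spring: true time jumps ahead at new_start 02:00; the router catches up only
      at old_start 02:00
    - fall: the router falls back to 01:00 at old_end; true time does so at new_end"""
    old_start, old_end = old_us_rules(year)
    new_start, new_end = new_us_rules(year)
    two, one = dt.time(2, 0), dt.time(1, 0)
    return [
        (dt.datetime.combine(new_start, two), dt.datetime.combine(old_start, two)),
        (dt.datetime.combine(old_end, one), dt.datetime.combine(new_end, one)),
    ]


def correct_timestamp(stamp):
    """Return the true local time for a timestamp produced under the stale rule."""
    for start, end in skewed_windows(stamp.year):
        if start <= stamp < end:
            return stamp + dt.timedelta(hours=1)
    return stamp


# IOS syslog timestamps look like "*Mar  1 00:01:02.123:"; they carry no year,
# so the caller supplies it. Milliseconds, if present, are left untouched.
_SYSLOG_TS = re.compile(
    r"^(?P<star>\*?)(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2})"
)


def fix_syslog_line(line, year):
    """Rewrite the timestamp of one syslog line; lines without one are returned as-is."""
    m = _SYSLOG_TS.match(line)
    if not m:
        return line
    stamp = dt.datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    fixed = correct_timestamp(stamp)
    # IOS right-aligns the day in a two-character field ("Jun  1"); mirror that.
    return f"{m['star']}{fixed:%b} {fixed.day:2d} {fixed:%H:%M:%S}" + line[m.end():]


if __name__ == "__main__":
    # Constructed sample line, not from the release notes.
    print(fix_syslog_line("Mar 20 10:15:42: %SYS-5-CONFIG_I: Configured from console", 2007))
```

Because the correction depends only on the displayed clock and the year, it can be applied to an archived log without access to the router; the one-hour offset exists only inside the two windows, so lines outside them pass through unchanged.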
Miscellaneous
•CSCsb12598
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsb40304
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
Resolved Caveats—Cisco IOS Release 12.3(21)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(21). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCdy11174
Symptoms: Some ciscoFlashCopyTable & ciscoFlashMiscOpTable objects cannot be read after row creation.
Conditions: For any newly created rows in these tables, some objects will not be readable.
Workaround: Objects will become readable immediately after being set. Additionally, rows can still be activated in these tables even if all objects cannot be read. Any objects which cannot be read contain their MIB defined default value.
•CSCek40101
Symptoms: If a Cisco 2800 series router is configured to do async tunneling using a sync/async module at a very slow speed such as 2400 bps or below, the sync/async line may get stuck. Entering the show tcp command on that stuck line shows a CLOSED TCP connection with some unread input bytes, for example:
Router#sh tcp
tty0/2/0, connection 1 to host 172.16.242.129
Connection state is CLOSED, I/O status: 7, unread input bytes: 97
Connection is ECN Disabled
Local host: 172.16.146.249, Local port: 20514
Foreign host: 172.16.242.129, Foreign port: 23
....
....
Conditions: This symptom occurs only when the Cisco 2800 series router is used for async data tunneling at a line speed of 2400 bps or lower with a WIC-2A/S card.
Workarounds: See the following:
1. Issue the clear line x/y/z command to make that line usable again
2. Use Cisco IOS Release 12.3(14)T7, which does not show this issue as readily as Cisco IOS 12.4 version
3. Use a line speed higher than 2400 bps
4. Use the aux port of the 2800 router
•CSCek52249
Symptoms: A Cisco router crashes when the default dest-ip command is entered in IPSLA jitter, UDP Echo and TCP Connect operations.
Conditions: The issue is seen when the default dest-ip command is entered.
Workaround: There is no workaround.
•CSCir00074
Symptoms: A router crashes when the casnDisconnect object is set to "true" for a PPPoE session.
Conditions: This symptom is observed on a Cisco 10000 series when you attempt to terminate the PPPoE session through SNMP by using the casnDisconnect object of the CISCO-AAA-SESSION-MIB.
Workaround: There is no workaround.
•CSCse49728
Symptoms: SNMPv3 informs are not sent out after a device reload.
Conditions: This symptom is observed when SNMPv3 informs have been configured, and the device is reloaded.
Workaround: Re-enter any of the snmp-server host commands.
•CSCse85200
Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.
Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.
The workaround is to disable CDP on interfaces where it is not necessary.
•CSCsf19139
Symptoms: %RADIUS-3-NOSERVERS messages are logged after a reload in Cisco IOS Release 12.3(18). At this time, the RADIUS accounting tickets are not generated.
Conditions: This symptom has been observed on a Cisco AS5300 gateway.
Workaround: Enter into configuration mode and change the order of the servers under the server group.
•CSCsf32390
Symptoms: When tuning particle clone, F/S, and header pools after these were made configurable via CSCuk47328, the commands may be lost on a reload.
Conditions: If the device is reloaded the commands are not parsed on a reload and this results in the defaults being active. This may result in traffic loss if the increased buffers were needed to enable greater forwarding performance for the specific network design.
Workaround: Configure an applet to enter the buffer values again after a reload. A sample applet would be:
event manager applet add-buffer
event syslog occurs 1 pattern ".*%SYS-5-RESTART: System restarted --.*"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "buffers particle-clone 16384"
action 4.0 cli command "buffers header 4096"
action 5.0 cli command "buffers fastswitching 8192"
action 6.0 syslog msg "Reinstated buffers command"
IP Routing Protocols
•CSCed84633
Symptoms: The interface-type and interface-number arguments in the distribute-list address family configuration command do not function.
Conditions: This symptom is observed on a Cisco platform that integrates the fix for caveat CSCea59206. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea59206. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
Further Problem Description: The fix for CSCed84633 re-enables the interface-type and interface-number arguments in the distribute-list address family configuration command for both VRF interfaces and non-VRF interfaces.
•CSCek27981
Symptoms: The output of the ping is different than expected.
Conditions: After configuring the security options, the output of the ping is different than expected.
Workaround: There is no workaround.
•CSCsd03021
Symptoms: When loading a large link state database from a third-party vendor router that runs Cisco IOS software, the CPU usage by OSPF may become very high, the router may generate CPUHOG messages, and it may take a long time to reach the FULL state, or the FULL state is not reached.
Conditions: These symptoms are observed in an environment in which packet drops occur. When the link state request that is sent from the Cisco IOS router is dropped, the routers may still continue to exchange DBD packets. However, the link state request list on the Cisco IOS router may become long, and maintaining it may consume a lot of CPU.
Workaround: There is no workaround.
Further Problem Description: See also caveat CSCsd38572.
•CSCse56552
Symptoms: Connections fail through a router that uses CBAC. The pre-gen session is created, and the download or transfer begins. The pre-gen session times out and gets deleted from the router. Since the full session never gets established, the connection then times out on the host.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(8) and using CBAC outbound on the outside interface when policy based routing is applied.
Workaround: There is no workaround.
Further Problem Description: This bug is first seen in Cisco IOS Interim Release 12.4(7.24).
ISO CLNS
•CSCse40346
Symptoms: Tracebacks may be generated when you configure IS-IS and LDP features, for example, when you enter the no ip router isis area-tag command.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(32)SY but may also occur in other releases.
Workaround: There is no workaround.
Miscellaneous
•CSCeg00531
Symptoms: A router crashes when you remove an ATM subinterface.
Conditions: This symptom is observed when the subinterface is configured with a LANE client that is configured for Multiprotocol over ATM (MPOA).
Workaround: There is no workaround.
•CSCeg20412
Symptoms: A router may not properly detect supervisory tones.
Conditions: This symptom is observed on a Cisco 3640 and Cisco 3660 only when a DSP is configured to detect custom cptones and when no cadence is specified for the tone. The symptom may also occur on other routers.
Workaround: Configure the cadence values.
•CSCeg42877
Symptoms: PPPoA sessions are not coming up in autovcs after entering the shutdown interface configuration command followed by the no shutdown interface configuration command. Tracebacks are reported.
Conditions: This problem is found only if the QoS parameters are configured via the Radius server.
Workaround: Configure the QoS parameters through the command line interface (CLI).
•CSCeg86867
Symptoms: An AAA server does not authenticate.
Conditions: This symptom is observed on a Cisco platform that functions as an AAA server and that runs Cisco IOS Release 12.3(13) when you dial up using Microsoft callback through an asynchronous line. Dialup through an ISDN modem works fine.
Workaround: There is no workaround.
•CSCek43310
Symptoms: A build break is observed in c5850tb-p9-mz.
Conditions: This symptom occurs when Marvel supports two devices. When fixing CSCsc20917, the third device is also initialized. This break is seen in Cisco IOS Releases 12.4 and 12.4T.
Workaround: There is no workaround.
•CSCek57655
Symptoms: A modem autoconfiguration fails.
Conditions: This symptom is observed in an asynchronous call.
Workaround: There is no workaround.
•CSCsb74409
Symptoms: A router may keep the vty lines busy after finishing a Telnet/Secure Shell (SSH) session from a client. When all vty lines are busy, no more Telnet/SSH sessions to the router are possible.
Conditions: This symptom is observed on a Cisco router that is configured to allow SSH sessions to other devices.
Workaround: Clear the SSH sessions that were initiated from the router to other devices.
•CSCsb93407
Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.
Conditions: This symptom occurs after H323 is disabled using the following configuration commands:
voice service voip
h323
call service stop
Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.
For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html.
For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.
For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/partner/products/ps6642/products_white_paper0900aecd804fa16a.shtml.
•CSCsd28214
Symptoms: A Cisco router that is running Cisco IOS Release 12.3(19) may crash due to a Watch Dog timeout while running the RIP routing protocol.
Conditions: The router may crash due to a Watch Dog timeout if an interface changes state at the exact same time a RIP route learned on that interface is being replaced with a better metric redistributed route. For example, RIP has learned the 192.168.1.0 network from Fast Ethernet 1/0. If RIP learns the 192.168.1.0 network from a redistributed protocol that has a better metric, then the RIP route will be removed. If, during this time the Fast Ethernet 1/0 interface goes down, then the router may potentially crash due to a Watch Dog timeout.
Workaround: There is no workaround.
•CSCsd81861
Symptoms: A router may unexpectedly reload due to a bus error after being reloaded or power cycled. The last console output in the crashinfo will be the ima-group group number command before the crash.
Conditions: The router must have the ip telnet source-interface command or the ip tftp source-interface command configured to use an IMA sub-interface as the source. There must also be at least one ATM interface in the IMA group.
Workaround: Remove the IMA interface from the source interface command in the configuration.
•CSCsd85852
Symptoms: When a PVC is shut down on the remote side, the PVC subinterface on a router transitions from the down state to the up state within one second, but then remains in the down state after the down retry timers expire.
Conditions: This symptom is observed on a Cisco router that is configured for Operation, Administration, and Maintenance (OAM) and Dynamic Bandwidth Selection (DBS).
Workaround: There is no workaround.
•CSCsd87358
Symptoms: A Cisco router may crash when configuring a hierarchical service policy.
Conditions: This symptom is observed in a Cisco 7200 series router that is running Cisco IOS Release 12.3(6a). At the time of the crash, configuration contained missing keywords causing some of the configuration lines to be rejected and some classes without match statements.
Workaround: There is no workaround.
•CSCse05642
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCse39191
Symptoms: A Cisco router that is running DHCP service will run out of memory eventually and will require a reload to recover. You can confirm this by issuing the show proc mem | inc DHCP command and seeing that the process named "DHCPD Receive" consumes an increasing amount of memory until the available memory is exhausted.
In addition, the number of AAA sessions will constantly increase and will not decrease when DHCP bindings expire. You can see this by noticing how the output of the show aaa session and show aaa user all commands show a constantly increasing number of sessions, with those associated with DHCP bindings never vanishing.
Conditions: This problem is always seen on Cisco routers operating as a DHCP relay or server with one or more DHCP pools configured via the ip dhcp pool name command where accounting dhcp is configured in at least one pool, and the configured poolname is not the name of a valid AAA method list.
This problem may also be seen when there is very little free processor memory on the router, enabling the allocation of some but not all data structures necessary to perform accounting for a DHCP binding.
Workaround 1: If you do not want AAA accounting for DHCP leases, disable accounting method MethListName in the DHCP pool by configuring no accounting method MethListName while in the pool configuration mode.
Workaround 2: If you want AAA accounting for DHCP leases, configure a valid accounting method list by configuring aaa accounting network methodlistname start-stop method1 where the configured method list name for the accounting method list EXACTLY matches the name provided on the accounting methodlistname line in the DHCP pool configuration.
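The condition in this caveat (a pool's accounting name that does not exactly match any defined AAA method list) is easy to introduce and hard to spot by eye in a long configuration. The following is an added configuration lint in Python, not Cisco code, that reads a running-config excerpt, collects the names defined by aaa accounting network lines, and reports every ip dhcp pool whose accounting line references a name that is not among them. The sample configuration is constructed; the matching is case-sensitive and whitespace-exact because the caveat text stresses that the names must match exactly.

```python
import re

# Constructed sample running-config excerpt (not from the release notes).
# GUESTS references "DHCP-ACCT", which differs in case from the defined list.
SAMPLE_CONFIG = """\
aaa new-model
aaa accounting network dhcp-acct start-stop group radius
!
ip dhcp pool LAN-USERS
 network 192.0.2.0 255.255.255.0
 accounting dhcp-acct
!
ip dhcp pool GUESTS
 network 198.51.100.0 255.255.255.0
 accounting DHCP-ACCT
!
ip dhcp pool PRINTERS
 network 203.0.113.0 255.255.255.0
!
"""

_METHOD_LIST = re.compile(r"^aaa accounting network (\S+) ")
_POOL = re.compile(r"^ip dhcp pool (\S+)\s*$")
_POOL_ACCT = re.compile(r"^ accounting (\S+)\s*$")


def network_accounting_lists(config):
    """Names of the 'aaa accounting network' method lists defined in the config."""
    return {m.group(1) for line in config.splitlines() if (m := _METHOD_LIST.match(line))}


def pool_accounting(config):
    """Map each DHCP pool that carries an 'accounting' line to the name it references.
    A pool ends at the next '!' separator or at the next 'ip dhcp pool' line."""
    result, pool = {}, None
    for line in config.splitlines():
        if (m := _POOL.match(line)):
            pool = m.group(1)
        elif line.startswith("!"):
            pool = None
        elif pool and (m := _POOL_ACCT.match(line)):
            result[pool] = m.group(1)
    return result


def dangling_pool_accounting(config):
    """(pool, name) pairs whose accounting name matches no defined method list;
    an empty list means the configuration is not exposed to this caveat."""
    defined = network_accounting_lists(config)
    return sorted(
        (pool, name) for pool, name in pool_accounting(config).items() if name not in defined
    )


if __name__ == "__main__":
    for pool, name in dangling_pool_accounting(SAMPLE_CONFIG):
        print(f"pool {pool}: accounting {name} matches no 'aaa accounting network' list")
```

Run against `show running-config` output saved to a file, the report points directly at the pool to repair with either of the two workarounds above; pools without an accounting line are ignored because they do not attempt AAA accounting at all.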
•CSCse45425
Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.
•CSCse68138
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCse93156
Symptoms: IP route configurations, when configured, are not visible in the running and startup configurations. The CMTS accepts the IP route configuration, and the output of the show ip route command is updated with the configured routes.
Conditions: The symptom occurs while configuring a static route. The configured route is not visible in the running and startup configurations.
Workaround: There is no workaround.
•CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
•CSCsf12037
Symptoms: An SNA Switch router may reload and display the following error message:
System returned to ROM by bus error at PC 0x61504EB0, address 0x58
Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.3(18).
Workaround: There is no workaround.
•CSCsf13740
Symptoms: A Cisco 7200 series router with VAM2+ Encryption/Compression engine, running Cisco IOS Release 12.4(10), may reload due to a bus error after a large service policy is applied to a Gig interface.
The following error messages may flood the console:
*crypto qos: get_shape_class fail, class=<name>
*crypto qos: get_shape_class fail, class=<name>
*crypto qos: get_shape_class fail, class=<name>
*crypto qos: get_shape_class fail, class=<name>
Crash:
%ALIGN-1-FATAL: Corrupted program counter 06:30:27 MEST Fri Aug 18 2006
pc=0x7E000000 , ra=0x6633E958 , sp=0x64DE2E40
%ALIGN-1-FATAL: Corrupted program counter 06:30:27 MEST Fri Aug 18 2006
pc=0x7E000000 , ra=0x6633E958 , sp=0x64DE2E40
06:30:27 MEST Fri Aug 18 2006: TLB (load or instruction fetch) exception, CPU
signal 10, PC = 0x7E000000
-Traceback= 0x7E000000
$0 : 00000000, AT : 63F00000, v0 : 00000001, v1 : 64DE2F90
a0 : 00000000, a1 : 663004BC, a2 : 00000188, a3 : 6454B6D0
t0 : 66419DD8, t1 : 661BFC08, t2 : 00000018, t3 : 00000000
t4 : 6410AD00, t5 : 00000001, t6 : 00000000, t7 : 00000000
s0 : 661BFE50, s1 : 66300940, s2 : 00000A61, s3 : 66302AC4
s4 : 6454AA3C, s5 : 618D9FF0, s6 : 663003A4, s7 : 63CA0000
t8 : 00000061, t9 : 6410AD00, k0 : 6571911C, k1 : 6080F4E4
gp : 63F0AA08, sp : 64DE2E40, s8 : 00000001, ra : 6633E958
EPC : 7E000000, ErrorEPC : BFC018D4, SREG : 3400FF03
MDLO : 00374C80, MDHI : 00000000, BadVaddr : 7E000000
Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
Process watchdog registers:
$0 : 658FC0EC, AT : 00000000, v0 : 606CCE5C, v1 : 00000001
a0 : 658F9E6C, a1 : 00000000, a2 : 00000000, a3 : 658F6118
t0 : 00000000, t1 : 658FC0B8, t2 : 658FC0EC, t3 : 00000000
t4 : FFFFFFF7, t5 : 6080F4CC, t6 : 62B23BA8, t7 : 00000001
s0 : 00000000, s1 : 658F9E98, s2 : 6543A190, s3 : 00000018
s4 : 6543A190, s5 : 6643D788, s6 : 6497AA80, s7 : 6080F5A0
t8 : 662F5D6C, t9 : 00000001, k0 : 00000000, k1 : 658FC0B8
gp : 6497AA80, sp : 00000001, s8 : 658FC0EC, ra : 00000000
EPC : 658FC0B8, SP : 00000001, forkx : 00000000
Conditions: This symptom occurs when the router has a VAM+ encryption module.
Workaround: There is no workaround.
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml
•CSCsf98345
Symptoms: An MPLS LDP peer on a default VRF resets when a VRF interface goes down.
Conditions: This symptom is observed on a Cisco router when the VRF interface is configured with a subnetwork address that overlaps with the default router ID.
Workaround: Reconfigure the VRF interface address so it does not overlap with the default router ID.
•CSCsg11718
Symptoms: A VRF may become stuck in the "Delete Pending" state.
Conditions: This symptom is observed on a Cisco router that is configured for MPLS VPN and Half-Duplex VRF (HDVRF) when you delete the VRF and then associate it with an interface before it is completely deleted.
Workaround: To ensure that the VRF is properly deleted, enter the shutdown interface configuration command on the interface with which the VRF is associated or remove the interface with which the VRF is associated.
•CSCsg16908
This bug documents the deprecation and removal of the Cisco IOS FTP Server feature.
•CSCsg42519
Symptoms: A router may reload because of a TLB exception (bus error) or an address error when channelized interfaces are configured.
Conditions: This behavior is observed on a Cisco router that is running Cisco IOS Release 12.3(20) when a channelized interface is configured as follows:
Router(config)# interface Serial x/y:z
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# frame-relay ip rtp compression-connections number
Workaround: Shut down the interface and temporarily remove the passive attribute from the header compression command prior to reducing the number of compression connections, as follows:
Router(config)# interface Serial x/y:z
Router(config-if)# shutdown
Router(config-if)# frame-relay ip rtp header-compression
Router(config-if)# frame-relay ip rtp compression-connections number
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# no shutdown
Further Problem Description: The issue was not reported when using Cisco IOS Releases 12.3T or 12.4.
•CSCuk57037
Symptoms: A router may crash when a serial interface of a neighboring router is brought up.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that is earlier than Release 12.4(8) and that is configured for IP Multicast when some interfaces on the router are configured for PIM. The symptom occurs when the serial interface that is brought up on the neighboring router is configured for PIM and the connecting interface on the Cisco router is not configured for PIM.
Workaround: Depending on the desired operation for the link, either enable PIM at both ends or disable PIM at both ends.
Wide-Area Networking
•CSCek55209
Symptoms: When the ppp multilink endpoint mac lan-interface command or the ppp multilink endpoint ip ip-address command is configured, the router may unexpectedly reload if the multilink interface goes to the DOWN state, for example, when a PVC virtual circuit is unconfigured.
Conditions: This symptom is observed on a Cisco router that is configured for Multilink PPP.
Workaround: There is no workaround. Do not use these configuration commands in Cisco IOS Releases 12.3, 12.4 or 12.2SB without a fix for this DDTS.
•CSCsd93740
Symptoms: A Cisco router is acting as an X.25 switch. Both standard X.25 route statements and hunt groups are in use.
After a period of normal operation, the output of the show x25 hunt-group command shows status "full" for all hunt groups whose destinations are reachable over XOT.
Other hunt groups, where calls are forwarded over X.25 serial interfaces, do not show this problem. While the problem is present, calls cannot be forwarded through the affected hunt groups, and the configured redundant routes are used instead.
Workaround: Unconfiguring and reconfiguring all X.25 routes recovers the hunt groups in some cases. In other cases a router reload is needed.
•CSCse12198
Symptoms: Individual B-channels on the primary T1 in the NFAS group sometimes go out of service (OOS) for no apparent reason.
Conditions: This symptom is observed when connected to a Cisco PGW that is running Cisco IOS Release 9.3(2). The Cisco AS5400 is connected to the Cisco PGW that is running RLM in the Signaling/Nailed mode.
Also, the ISDN service sometimes goes OOS, and the channel state goes to 5 (maintenance pending).
Workaround: When this happens, the ISDN service can be put back in service manually for an individual CIC, but the channel state cannot be restored manually unless the whole serial interface is bounced. This cannot be done while there is traffic on the other B-channels.
•CSCse71875
Symptoms: A router may crash when you enter the frame-relay inverse-arp ip dlci command.
Conditions: This symptom is observed when you attempt to configure a hunt-group member.
Workaround: Do not enter the frame-relay inverse-arp ip dlci command. Rather, configure the hunt-group master dialer interface.
•CSCse78652
Symptoms: The queuing mode on Multilink interfaces is erroneously defaulting to fair queuing instead of FIFO. This is causing distributed Cisco Express Forwarding (dCEF) to fail on Cisco 7500 routers.
Conditions: This symptom happens on all Multilink interfaces.
Workaround: There is no workaround.
•CSCsf03251
Symptoms: Primary and backup NFAS interfaces may transition from WAIT to OOS even after receiving "in-service" message from the PSTN.
Conditions: This symptom is observed on a Cisco AS5400XM that is running several Cisco IOS 12.4 mainline and 12.4T releases.
Workaround: There is no workaround.
•CSCsf26705
Symptoms: A Cisco router may experience an unexpected reload when using traffic shaping on a Tunnel interface together with frame relay fragmentation.
Conditions: This symptom is observed on any Cisco router which has a Tunnel interface, configured with a traffic shaping service policy containing a priority class, whose traffic goes out over a frame relay PVC, configured for frame relay traffic shaping with fragmentation and fair queuing.
Workaround: Configure a service policy on the frame relay PVC instead of using fair queuing.
•CSCsf96318
Symptom: QSIG (ISO) call back (ring back) fails between a Cisco 3745 router and a Cisco 1760 router.
Conditions: The call back fails.
Workaround: There is no workaround.
•CSCsg15642
Symptoms: A PSTN Gateway unexpectedly restarts because of a lack of memory. Over time, memory utilization increases, and the show processes memory sorted command indicates that the ISDN process is allocating an increasing amount of memory.
Conditions: This leak occurs when a SETUP message with Display IE is received.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(20a)
Cisco IOS Release 12.3(20a) is a rebuild release for Cisco IOS Release 12.3(20). The caveats in this section are resolved in Cisco IOS Release 12.3(20a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or crash are seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.
Workaround: Disable HTTP server using the no ip http server command.
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
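Because the message is an early indicator rather than a fault in itself, it is worth flagging it the moment it appears in collected syslog rather than discovering it after a restart. The following is an added example, not Cisco code or text from the release notes: a small Python matcher for the %FACILITY-SEVERITY-MNEMONIC format shown above, run over a few constructed log lines that imitate it (the traceback addresses are placeholders). It returns the timestamp, the message text and the traceback line that the text says follows the message, so that all three can go into the service request.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches the IOS syslog shape illustrated in the caveat text:
#   [seq: ]<timestamp>[ TZ]: %FACILITY-SEVERITY-MNEMONIC: free text
SYSLOG_RE = re.compile(
    r"^(?:\d+:\s+)?[*.]?"                                             # optional sequence number / clock-unsynced marker
    r"(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:\s+\w+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)


@dataclass
class Finding:
    timestamp: str
    severity: int
    text: str
    traceback: Optional[str]   # the "-Traceback=" line that follows, if captured


def find_data_inconsistency(lines: List[str]) -> List[Finding]:
    """Return every %DATACORRUPTION-1-DATAINCONSISTENCY message in the given log lines."""
    findings = []
    for i, line in enumerate(lines):
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue
        if m.group("facility") != "DATACORRUPTION" or m.group("mnemonic") != "DATAINCONSISTENCY":
            continue
        # The release note says the message is followed by a traceback; keep it when present.
        tb = None
        if i + 1 < len(lines) and lines[i + 1].lstrip().startswith("-Traceback="):
            tb = lines[i + 1].strip()
        findings.append(Finding(m.group("ts"), int(m.group("sev")), m.group("text"), tb))
    return findings


# Constructed sample log (not real device output); the traceback addresses are placeholders.
SAMPLE_LOG = [
    "May 17 10:01:25.002 UTC: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error",
    "-Traceback= 0x60A1B2C3 0x60A1B2D4 0x60A1B2E5",
    "May 17 10:02:00.100 UTC: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down",
]

if __name__ == "__main__":
    for f in find_data_inconsistency(SAMPLE_LOG):
        print(f"{f.timestamp}: severity {f.severity}: {f.text}; {f.traceback or 'no traceback captured'}")
```

Feeding the function a file collected by a syslog server works the same way; the only assumption is that the traceback, when logged, lands on the line directly after the message, which is how IOS emits it in the example above.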
IBM Connectivity
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml
Miscellaneous
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
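For the caveat above, the counters on the show ip access-list output already show what went wrong: the deny entry never matched, while the permit entry collected all 96 matches. When an access list on a device behaves unexpectedly, it helps to have a reference evaluation of what the list should do to a given packet, so that the counters can be compared against it. The following is an added example, not Cisco code: a Python parser for numbered extended access-list lines of the kind shown in the running-config above, with a first-match evaluator (including the implicit deny at the end). It is run against the two lines from the caveat; the packet values are constructed from the topology in the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A few well-known port keywords that IOS accepts in place of numbers (subset, for the example).
NAMED_PORTS = {"telnet": 23, "ssh": 22, "www": 80, "bgp": 179, "snmp": 161, "domain": 53}


@dataclass
class Ace:
    seq: int                       # sequence number as shown by "show ip access-list"
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp", "udp", ...
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]        # only "eq <port>" on the destination is supported here


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume an address spec at tokens[i]: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # IOS wildcard masks are the bitwise inverse of a subnet mask.
    addr, wildcard = tokens[i], tokens[i + 1]
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False), i + 2


def parse_acl(config_lines: List[str], number: int) -> List[Ace]:
    """Collect the entries of numbered extended ACL <number> from running-config lines."""
    aces: List[Ace] = []
    for line in config_lines:
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != str(number):
            continue
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        port = None
        if i + 1 < len(t) and t[i] == "eq":
            port = NAMED_PORTS.get(t[i + 1]) or int(t[i + 1])
        aces.append(Ace((len(aces) + 1) * 10, action, proto, src, dst, port))
    return aces


def evaluate(aces: List[Ace], proto: str, src_ip: str, dst_ip: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """First matching entry wins; an unmatched packet hits the implicit deny (seq None)."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for ace in aces:
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action, ace.seq
    return "deny", None


# The two access-list lines from the running-config quoted in the caveat.
CAVEAT_CONFIG = [
    "access-list 101 deny tcp any host 10.10.10.2 eq telnet",
    "access-list 101 permit ip any any",
]

if __name__ == "__main__":
    acl = parse_acl(CAVEAT_CONFIG, 101)
    # Telnet from the neighbouring router (10.10.10.1 in the topology) to the RPM-XF:
    # the reference evaluation says seq 10 should deny it, which is not what the device did.
    print(evaluate(acl, "tcp", "10.10.10.1", "10.10.10.2", 23))   # ('deny', 10)
    print(evaluate(acl, "tcp", "10.10.10.1", "10.10.10.2", 22))   # ('permit', 20)
```

The evaluator covers only the syntax that appears on this page plus wildcard-mask sources and destinations; operators other than eq, established, and log keywords are out of scope and would need to be added before using it against a production configuration.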
•CSCej20505
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsb12598
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of this vulnerability may lead to a sustained Denial-of-Service (DoS); however, the vulnerability is not known to compromise either the confidentiality or integrity of the data or the device. It is not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Service Module (FWSM) CSCsi97695
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
•CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•CSCse05642
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCse68138
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
•CSCsf08998
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg16908
Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
This vulnerability does not apply to the IOS FTP Client feature.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.
Workaround: Disable the ip http secure server command.
•CSCsg42519
Symptoms: Router may reload by TLB exception (Bus Error) or Address error when configuring channelized interfaces.
Conditions: This behavior is observed on a Cisco router that is running Cisco IOS Release 12.3(20) when a channelized interface is configured as follows:
Router(config)# interface Serial x/y:z
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# frame-relay ip rtp compression-connections number
Workaround: Shut down the interface and temporarily remove the passive attribute from the header compression command before reducing the number of compression connections, as follows:
Router(config)# interface Serial x/y:z
Router(config-if)# shutdown
Router(config-if)# frame-relay ip rtp header-compression
Router(config-if)# frame-relay ip rtp compression-connections number
Router(config-if)# frame-relay ip rtp header-compression passive
Router(config-if)# no shutdown
Further Problem Description: The issue was not reported when using Cisco IOS Releases 12.3T or 12.4.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
TCP/IP Host-Mode Services
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Resolved Caveats—Cisco IOS Release 12.3(20)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(20). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(20). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCed21186
Symptoms: Incorrect "output IFMIB" counters are observed on the main interface.
Conditions: This symptom has been observed on a Cisco 7500 series router running Cisco IOS Release 12.0(25)S1 when an 802.1q VLAN is configured with Committed Access Rate (CAR). The "output CLI" and "input SNMP/CLI" counters are correct.
Workaround: There is no workaround.
•CSCin99788
Symptoms: An %AAA-3-ACCT_LOW_MEM_TRASH error message is generated when a low-memory condition occurs. When this situation occurs, a memory leak may occur in AAA data.
Conditions: This symptom is observed when an interface flaps and causes a very large number of sessions to go down simultaneously, in turn generating a very large number of accounting stop records. In this situation, the I/O memory may be held for a long time while accounting records are sent and the AAA server is slow or unreachable.
Workaround: There is no workaround.
•CSCsc91735
Symptoms: CyBus errors may occur during an HA switchover, causing most VIPs to be disabled on a Cisco 7500 series.
Conditions: This symptom is observed when MLP Multilink interfaces are configured on channelized T3 (CT3) port adapters.
Workaround: Reload microcode onto all affected VIPs.
•CSCsc97727
Symptoms: An access point may crash when you add or remove TACACS servers via the CLI.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(7)JA1 or Release 12.3(7)JA2 and that has the aaa accounting commands level default list-name group groupname command enabled. The symptom may also occur in other releases.
Workaround: Disable the aaa accounting commands level default list-name group groupname command.
Alternate Workaround: Use RADIUS instead of TACACS.
•CSCsd55847
Symptoms: A ping does not go through completely.
Conditions: This symptom is observed after you have entered the microcode reload command.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•CSCse10074
Symptoms: The crash happens only when an SNMPv3 user is configured with the noauth or auth security level and the same SNMPv3 user is then given as a priv user in the snmp-server host configuration. This is an incorrect configuration.
Conditions: The problem always occurs when traps are triggered after the following software configurations are applied:
snmp-server user TESTUSER TESTUSER v3
snmp-server group TESTUSER v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
snmp-server host 10.1.1.10 version 3 priv TESTUSER
snmp-server enable traps
Workaround: Do not use this incorrect configuration.
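The mismatch in the configuration above is easy to miss by eye: the group is priv, the host asks for priv, but the user itself was created without auth or priv credentials, so it can only operate at noauth. The following is an added example, not Cisco code or text from the release notes: a Python check that parses snmp-server user, group and host lines and reports any trap host whose requested security level exceeds what the named user (or its group) actually provides. It is run against the four lines quoted in the caveat and against a constructed consistent counterpart; the passwords in that counterpart are placeholders, and the check assumes the user lines are available in the text form shown here.

```python
from typing import Dict, List, Tuple

# SNMPv3 security levels in increasing order of protection.
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}
NAMES = {v: k for k, v in LEVELS.items()}


def user_level(tokens: List[str]) -> int:
    """A v3 user's own level follows from the auth/priv keywords on its definition.
    Assumption for this example: 'auth' and 'priv' occur only as keywords, never as passwords."""
    if "priv" in tokens:
        return LEVELS["priv"]
    if "auth" in tokens:
        return LEVELS["auth"]
    return LEVELS["noauth"]


def parse_snmp_config(lines: List[str]):
    users: Dict[str, Tuple[str, int]] = {}   # user -> (group, level the user can support)
    groups: Dict[str, int] = {}              # group -> level configured on the group
    hosts: List[Tuple[str, str, int]] = []   # (host, user, level the host requests)
    for raw in lines:
        t = raw.split()
        if len(t) < 4 or t[0] != "snmp-server":
            continue
        if t[1] == "user" and t[4:5] == ["v3"]:
            users[t[2]] = (t[3], user_level(t[5:]))
        elif t[1] == "group" and t[3] == "v3" and len(t) > 4 and t[4] in LEVELS:
            groups[t[2]] = LEVELS[t[4]]
        elif t[1] == "host" and "version" in t:
            i = t.index("version")
            if len(t) > i + 3 and t[i + 1] == "3" and t[i + 2] in LEVELS:
                hosts.append((t[2], t[i + 3], LEVELS[t[i + 2]]))
    return users, groups, hosts


def check_snmpv3_hosts(lines: List[str]) -> List[str]:
    """Report every v3 trap/inform host whose security level is higher than its user or group allows."""
    users, groups, hosts = parse_snmp_config(lines)
    problems = []
    for host, user, want in hosts:
        if user not in users:
            problems.append(f"host {host}: {user} is not a configured v3 user")
            continue
        group, have = users[user]
        if want > have:
            problems.append(f"host {host}: requests {NAMES[want]} but user {user} is only {NAMES[have]}")
        if group in groups and want > groups[group]:
            problems.append(f"host {host}: requests {NAMES[want]} but group {group} is only {NAMES[groups[group]]}")
    return problems


# The four lines quoted in the caveat: the user has no auth/priv credentials, yet the host asks for priv.
CAVEAT_CONFIG = [
    "snmp-server user TESTUSER TESTUSER v3",
    "snmp-server group TESTUSER v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F",
    "snmp-server host 10.1.1.10 version 3 priv TESTUSER",
    "snmp-server enable traps",
]

# Constructed consistent counterpart (passwords are placeholders): the user carries auth and
# priv credentials, so a priv trap host for it is legitimate.
FIXED_CONFIG = [
    "snmp-server user TESTUSER TESTUSER v3 auth sha EXAMPLE_AUTH_PASS priv aes 128 EXAMPLE_PRIV_PASS",
    "snmp-server group TESTUSER v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F",
    "snmp-server host 10.1.1.10 version 3 priv TESTUSER",
    "snmp-server enable traps",
]

if __name__ == "__main__":
    for name, cfg in (("caveat", CAVEAT_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, check_snmpv3_hosts(cfg) or ["ok"])
```

Running the check before applying a configuration catches the condition that triggers this crash; it also flags the related case where the host's level exceeds the group's, which the caveat text does not mention but the same rule covers.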
•CSCse49728
Symptoms: SNMPv3 informs are not sent out after a device reload.
Conditions: This symptom is observed when SNMPv3 informs have been configured, and the device is reloaded.
Workaround: Re-enter any of the snmp-server host commands.
•CSCse52503
Symptoms: An RSP may generate tracebacks.
Conditions: This symptom is observed on a Cisco router that is configured for dCEF when you reload microcode onto the RSP. Note that the symptom is platform-independent.
Workaround: There is no workaround.
IBM Connectivity
•CSCse17611
Symptoms: When DLSw Ethernet Redundancy is configured, circuits may be established through the wrong switch.
Conditions: This symptom is observed in the following configuration:
–Clients are connecting to MAC A.
–Mapping statements are configured so that Switch 1 has a mapping of MAC A = MAC A and Switch 2 has a mapping of MAC B = MAC A.
The output of the show dlsw transparent map command shows that Switch 1 has the active mapping and that Switch 2 has the passive mapping. All circuits should be established on Switch 1, but instead they are established on Switch 2.
The outputs of the show dlsw trans neighbor and show dlsw trans map commands show correct information, but the output of the show dlsw cir cache command shows state "negative" on Switch 1 and state "positive" on Switch 2.
Workaround: There is no workaround. Note that all circuits are up and running, but they just go through the wrong router.
Interfaces and Bridging
•CSCin97786
Symptoms: An online insertion and removal (OIR) of a Versatile Interface Processor (VIP) that is installed in a Cisco 7500 series may cause the Route Switch Processor (RSP) to stop responding.
Conditions: This symptom is observed when two FDDI port adapters are installed in the VIP.
Workaround: There is no workaround.
•CSCsc66187
Symptoms: Error messages such as the following one may be generated on a Cisco 7500 series or Cisco 7600 series:
%CWPA-3-IPCALLOCFAIL: Failed to allocate IPC buffer for loveletter data
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series that are configured with a 1-port Packet-over-SONET OC-3c/STM-1 multimode port adapter (PA-POS-OC3MM) when you enter the no shutdown interface configuration command on the interface.
Workaround: There is no workaround.
•CSCsd40136
Symptoms: POS interfaces may remain in the up/down state after the router is upgraded to Cisco IOS interim 121-26.E6 image.
Conditions: This symptom has been observed on Cisco Catalyst 6500 series and Cisco 7600 series routers.
Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.
•CSCse61893
Symptoms: A ping from a channelized T3 (CT3) port adapter may fail.
Conditions: This symptom is observed on a Cisco platform that is configured with a CT3 port adapter that functions in unchannelized mode.
Workaround: There is no workaround.
IP Routing Protocols
•CSCed84633
Symptoms: The interface-type and interface-number arguments in the distribute-list address family configuration command do not function.
Conditions: This symptom is observed on a Cisco platform that integrates the fix for caveat CSCea59206. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea59206. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
Further Problem Description: The fix for CSCed84633 re-enables the interface-type and interface-number arguments in the distribute-list address family configuration command for both VRF interfaces and non-VRF interfaces.
•CSCek31478
Symptoms: When you modify an access control list (ACL) by entering the ip multicast boundary command, the command may not fully take effect.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S4 or Release 12.0(32)S but appears to be platform- and release-independent.
Workaround: Disable and re-enter the ip multicast boundary command.
Alternate Workaround: Enter the clear ip mroute * command.
•CSCsc10494
Symptoms: When an inter-area, external, or Not-So-Stubby Area (NSSA) route is learned via a link state update that follows the initial database synchronization, the route may not be added to the routing table by a partial shortest path first (SPF) computation even though the LSA is installed in the link state database. A subsequent full SPF computation causes the route to be added.
Conditions: This symptom is observed on a Cisco router and is most likely to occur when a large number of type 3, type 5, or type 7 LSAs are advertised and withdrawn.
Workaround: Trigger an action that causes a full SPF computation.
•CSCsd64173
Symptoms: A router may reload unexpectedly because of a bus error crash after you have removed a summary-prefix IPv6 OSPF command.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF but may also occur in other releases. The symptom occurs only when the summary-prefix IPv6 OSPF command is configured without any redistribute commands.
Workaround: Configure a redistribute command under the IPv6 OSPF configuration.
•CSCse51804
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: A DMVPN tunnel may flap at regular intervals. The NHRP cache entry at the hub expires a long time before its expiration time.
Condition 1: These symptoms are observed on a Cisco router that runs Cisco IOS Release 12.4 when the DMVPN tunnel is up and when you enter the show ip nhrp brief and clear ip nhrp commands. When the tunnel comes up again (because of the NHRP registration by the spoke), the NHRP cache entry expires a long time before its expiration time.
Workaround 1: Do not enter the show ip nhrp brief command.
Symptom 2: A DMVPN tunnel may flap at regular intervals. The NHRP cache entry at the hub expires a long time before its expiration time.
Condition 2: These symptoms are observed on a Cisco router that runs Cisco IOS Release 12.4(6)T or a later release and occurs without any specific action.
Workaround 2: There is no workaround.
ISO CLNS
•CSCsd87651
Symptoms: A Cisco router that is configured for RPR or RPR+ may reload its standby RP when a configuration change is made to IS-IS.
The reload of the standby RP is preceded by the following error messages:
%HA-3-SYNC_ERROR: Parser no match.
%HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.4. Note, however, that the symptom is platform-independent for Release 12.4 and its derivatives. Any of the IS-IS global configuration commands may trigger the symptom. Following are a few examples of these IS-IS global configuration commands:
–is-type level-2-only
–lsp-gen-interval level-2 5 50 100
–redistribute eigrp
Workaround: There is no workaround.
Miscellaneous
•CSCec15400
Symptoms: A Versatile Interface Processor 4 (VIP4) with an E1 controller may reload unexpectedly and display the following error message:
%ALIGN-1-FATAL: Illegal access to a low address
addr=0x28, pc=0x604716A8, ra=0x604711FC, sp=0x60D66628
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(15)T2, Release 12.2(15)T5, or Release 12.3.
Workaround: There is no workaround.
•CSCeh18855
Symptoms: A router may crash when you attempt to unconfigure a service policy.
Conditions: This symptom is observed on a Cisco router that is configured for Network Based Application Recognition (NBAR).
Workaround: There is no workaround.
•CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS releases that include this specific DDTS are not at risk of a crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue, and no workaround is required. If CSCec71950 is not resolved, see the Cisco Security Advisory "Crafted IP Option Vulnerability" for workaround information:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
•CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
•CSCek37686
Symptoms: A Cisco AS5350 may reload because of a bus error (SIG=10).
Conditions: This symptom is observed when SNMP is configured and when SNMP queries are made into the Cisco AS5350.
Workaround: Disable SNMP or stop polling the router.
•CSCek38939
Symptoms: The input error counter may not be incremented for packet errors such as runts, CRC errors, and overrun errors.
Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G1.
Workaround: There is no workaround.
•CSCek47283
Symptoms: A router cannot be reloaded by entering the reload command, and the following message is displayed when you attempt to reload the router:
The startup configuration is currently being updated. Try again.
Conditions: This symptom is observed under rare conditions and may be triggered after an "Invalid pointer value in private configuration structure" error message is displayed (as seen in caveat CSCin98933). This symptom is observed in Cisco IOS interim Release 12.3(19.7), interim Release 12.4(6.5), and interim Release 12.4(6.5)T, and in later releases.
Workaround: There is no workaround.
•CSCsb53884
Symptoms: A Cisco 7200 series may hang, stop forwarding traffic, and stop responding to the console.
Conditions: This symptom is observed on a Cisco 7200 series that has the ip audit command enabled.
Workaround: There is no workaround.
•CSCsb93407
Symptoms: With the H323 call service stopped, the router still listens on TCP port 1720 and completes connection attempts.
Conditions: This symptom occurs after H323 is disabled by using the following configuration commands:
voice service voip
h323
call service stop
Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.
For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document: http://www.cisco.com/warp/public/707/tacl.html
For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document: http://www.cisco.com/warp/public/707/iacl.html
For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing" white paper at http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html
•CSCsc11636
Symptoms: A router requires a very long time to boot (more than 5 minutes, potentially hours). Changes to the QoS configuration may also take a long time.
Conditions: This symptom is observed when the QoS configuration has a complex arrangement of many policies that reference many access control entries (ACEs) through a number of class maps. The time required is, roughly, proportional to the number of combinations of interfaces, policies, classes, and ACEs. For example, if each of 200 interfaces has a QoS policy, each policy uses five class maps, each class map references two ACLs, and each ACL has 30 entries, there are 60,000 combinations.
Workaround: Either reduce the number of combinations of interfaces, policies, class maps, and ACEs, or load the configuration in two stages. The first stage (from NVRAM) should contain the interface and ACL definitions, and the second stage (from another file) should contain the classes and policies.
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.
Workaround: There is no workaround.
•CSCsc79700
Symptoms: URL filtering takes an excessively long time to revert to the allow mode if a URL Filtering Server is unavailable.
Conditions: This symptom is observed when a communication loss occurs between the router and the URL Filtering Server because of a failure or an excessive load on the URL Filtering Server, or because of a network connectivity failure between the router and the URL Filtering Server.
Workaround: There is no workaround.
•CSCsd04075
Symptoms: The voice ports of a Cisco IOS Voice over IP (VoIP) gateway that terminates fax calls may lock up and not accept any new calls. The following error messages may be generated on the console or syslog (if enabled):
%HPI-3-CODEC_NOT_LOADED: channel:2/0/0 (171) DSP ID:0x1, command failed as
codec not loaded 0
- Traceback= 615D2FA8 615C8528 617D5044 617D5258 61BBCD44 61BBD764 617BAE88
617BBD38 6138720C
Conditions: This symptom is observed on a Cisco 3600 series router but is not platform-dependent.
Workaround: Disable T.38 and use fax passthrough.
•CSCsd13920
Symptoms: CEF switching is broken for voice traffic on some interfaces, which breaks the transcoding feature. The caller then experiences no voice path.
Conditions: This symptom has been observed on some network modules and interfaces.
Workaround: Disable the ip cef command.
•CSCsd28214
Symptoms: A Cisco router that is running Cisco IOS Release 12.3(19) may crash due to a Watch Dog timeout while running the RIP routing protocol.
Conditions: The router may crash because of a Watch Dog timeout if an interface changes state at the exact same time that a RIP route learned on that interface is being replaced by a redistributed route with a better metric. For example, RIP has learned the 192.168.1.0 network from Fast Ethernet 1/0. If RIP learns the 192.168.1.0 network from a redistributed protocol that has a better metric, the RIP route is removed. If, during this time, the Fast Ethernet 1/0 interface goes down, the router may crash because of a Watch Dog timeout.
Workaround: There is no workaround.
•CSCsd46323
Symptoms: The standby RP reboots when you perform an OIR of an active VIP that is installed in any slot of the router.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.4(7.10) and that is configured for RPR, RPR+, or SSO. The symptom may also affect other releases.
Workaround: There is no workaround.
•CSCsd61780
Symptoms: A router crashes because of errors from checkheaps.
Conditions: This symptom is observed when hundreds of CLI commands are entered in virtual-template mode.
Workaround: There is no workaround.
•CSCsd65289
Symptoms: When applying a service-policy to a subinterface, the router crashes.
Conditions: This problem occurs on an ATM interface that has a large number of subinterfaces with service policies applied.
Workaround: There is no workaround.
•CSCsd69480
Symptoms: The following error message is displayed:
%HYPERION-4-HYP_RESET: Hyperion Error Interrupt
These messages, followed by "Resetting ASIC", appear when links flap on a FlexWAN2 with an STM-1 port adapter, and the interface statistics show line errors for the flapping line.
Conditions: This symptom is observed on a Cisco 7600 series with a PA-MC-STM1 port adapter that runs Cisco IOS Release 12.2(17d)SXB9.
Workaround: There is no workaround.
•CSCsd74000
Symptoms: A slot controller, such as the slot controller of a VIP4-80, may reset because of a TLB (load or instruction fetch) exception.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(17b) or Release 12.4, that has T1 or E1 port adapters installed in the slot that is controlled by the slot controller that resets, and that has NBAR configured.
Workaround: Remove the NBAR configuration.
•CSCsd76528
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: None of the policy classes after the first child policy of a hierarchical QoS policy take effect when you reload the router.
Condition 1: This symptom is observed on a Cisco 7304 that has hierarchical QoS policies with multiple child policies but may also occur on other platforms.
Workaround 1: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the service-policy output interface configuration command to enable the child policies to take effect. Note that the symptom does not occur for a hierarchical QoS policy with only one child policy in the very last class of the parent policy.
Symptom 2: On a Cisco 10000 series that is configured with hierarchical queueing policies, when you remove the match vlan command for a VLAN that matches a dot1q subinterface, the queues that are allocated to the subinterface are not cleared, allowing traffic to continue to flow through these queues.
Condition 2: This symptom is observed on a Cisco 10000 series that has hierarchical QoS policies with multiple child policies but may also occur on other platforms.
Workaround 2: There is no workaround. Note that the symptom does not occur for a hierarchical QoS policy with only one child policy in the very last class of the parent policy.
•CSCsd80754
Symptoms: The active router in an HSRP configuration may not respond to an ARP request for the virtual IP address. When the symptom occurs, both routers in the HSRP configuration have correct HSRP and ARP entries. Entering the clear arp command on the standby router in the HSRP configuration does not resolve the problem.
Conditions: This symptom is observed when the same HSRP virtual IP address exists in different HSRP groups on different routers.
Workaround: Enter the no standby redirects command to prevent the symptom from occurring.
•CSCsd85852
Symptoms: When a PVC is being shut down on the remote side, the PVC subinterface on the Cisco 10000 router transitions from down to up within one second and then stays down after the down retry timers expire. This is seen when OAM and DBS are used.
Conditions: This symptom is observed on a Cisco 10008 that is using Cisco IOS Release 12.3(7)XI7a.
Workaround: There is no workaround.
•CSCsd93522
Symptoms: An NPE-G2 crashes when you first enter the no ima-group command, then you enter the atm vc command for the IMA group, and finally you enter the show vc command.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an IMA port adapter.
Workaround: First configure an IMA group. Then, configure a VC for this IMA group.
•CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•CSCse17175
Symptoms: The line protocol may go down on some of the serial interfaces of a 1-port multichannel STM-1 single mode port adapter.
Conditions: This symptom is observed on a Cisco router when the maximum number of channel groups (256) is configured on the port adapter.
Workaround: There is no workaround.
•CSCse25166
Symptoms: A traceback may be generated when you enter the show funi pvc interface serial x/y command.
Conditions: This symptom is observed on a Cisco router when a null data structure is accessed.
Workaround: There is no workaround.
•CSCse25331
Symptoms: After upgrading the Cisco IOS software on a Cisco 7200 series router that uses a PA-A3-IMA, shaping accuracy problems can be observed: the PVC is shaped at a rate higher than the configured value.
Conditions: This problem is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•CSCse42991
Symptoms: A memory leak may occur in the CEF Scanner process of a Cisco 7200 VXR router that has an NPE-G1 processor when a virtual-template interface is configured to perform CEF load balancing on a per-packet basis instead of a per-destination basis.
Conditions: This symptom is observed on a 7204VXR that functions as an LNS and that runs the c7200-js-mz image of Cisco IOS Release 12.3(15) or the 7200-js-mz image of Cisco IOS Release 12.3(19). The symptom may also occur in other releases.
Workaround: Use the default CEF load balancing on a per-destination basis. If you need to configure load balancing on a per-packet basis, disable IP CEF accounting by entering the no ip cef accounting per-prefix non-recursive command.
•CSCse45425
Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.
•CSCse52987
Symptoms: The line protocol on a newly configured SRP interface may remain down and does not come up after you have entered the no shutdown command.
Conditions: This symptom is observed on a Cisco router that has an SRP/DPT port adapter.
Workaround: There is no workaround.
•CSCse55522
Symptoms: A Versatile Interface Processor (VIP) with CT3 PA crashes continuously.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS interim Release 12.4(9.9).
Workaround: There is no workaround.
Terminal Service
•CSCej00344
Symptoms: A Cisco router that is configured for X.25 routing may reload unexpectedly.
Conditions: The problem is experienced in Cisco IOS Release 12.3(14)T2 with X.25-over-TCP (XOT) configuration.
Workaround: There is no workaround.
Wide-Area Networking
•CSCek40618
Symptoms: A router may crash because of an address error (load or instruction fetch) exception during normal operation.
Conditions: This symptom has been observed when the router is configured with VPDN and Multilink PPP, using Virtual-Template interfaces.
Workaround: There is no workaround.
•CSCsd38761
Symptoms: A router may crash when the AAA per-user attribute idletime is specified in the user profile.
Conditions: This symptom is observed on a Cisco router that is configured for PPP and AAA.
Workaround: Do not specify the AAA per-user attribute idletime in the user profile.
•CSCsd74130
Symptoms: When an HSSIRSET, SERRSET, or FDDIRSET error message is generated or when the output becomes stuck, a VIP does not come up during its first recovery attempt.
Conditions: This symptom is observed on a Cisco platform that is configured with a VIP when a CCB timeout occurs during an IDB reset or when the output becomes stuck.
Workaround: There is no workaround.
•CSCse05777
Symptoms: A router may reload unexpectedly when you configure more multilink interfaces than the maximum number that the router can support. The router should not reload but should generate an error message.
Conditions: This symptom is observed on any Cisco router that imposes a limit on the number of multilink interfaces.
Workaround: Do not exceed the maximum number of multilink interfaces.
•CSCse38823
Symptoms: A multihop router fails to establish a session from a LAC. A CDN is sent for one of the following reasons:
L2TP: disconnect (AAA) IETF: 15/service-unavailable Ascend: 67/VPDN Softshut/Session Limit
L2TP: disconnect (L2X) IETF: 9/nas-error Ascend: 62/VPDN No Resources
Conditions: This problem can happen to either a multihop LAC or a simple LAC that accepts dial-in if the LAC has multiple destination LNSes configured in a vpdn-group and the LNSes have a per-vpdn-group session limit configured in the vpdn-groups that accept sessions from the LAC.
Workaround 1: Configure the minimum L2TP tunnel timeout value (5 seconds) in the vpdn-group on the LAC that experiences the problem. The CLI is as follows:
l2tp tunnel busy timeout 5
Workaround 2: Do not configure load balancing.
Workaround 3: Create loopback interfaces on the LNSes for the different vpdn-groups on the LACs to use. That is, configure different vpdn-groups on a LAC to use distinct loopback addresses on the LNSes. When a LAC then receives a "busy" CDN from an LNS, the LAC puts only the LNS address for the corresponding vpdn-group on the busy list, without affecting the capacity of other vpdn-groups to accept new sessions.
•CSCse78652
Symptoms: The queuing mode on Multilink interfaces is erroneously defaulting to fair queuing instead of FIFO. This is causing distributed Cisco Express Forwarding (dCEF) to fail on Cisco 7500 routers.
Conditions: This symptom happens on all Multilink interfaces.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(19a)
Cisco IOS Release 12.3(19a) is a rebuild release for Cisco IOS Release 12.3(19). The caveats in this section are resolved in Cisco IOS Release 12.3(19a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash may be seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.
Workaround: Disable HTTP server using the no ip http server command.
•CSCse85200
Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.
Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.
Workaround: Disable CDP on interfaces where it is not necessary.
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
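As an added illustration (this is not part of the Cisco release notes or Cisco code), the following Python script parses syslog lines in the layout described above, pairs each message with the traceback that follows it, and picks out the %DATACORRUPTION-1-DATAINCONSISTENCY message together with any other severity 0 to 3 message so they can be collected alongside the show tech-support output. The function and class names (parse_syslog, Event, and so on) are the example's own, and every sample log line and traceback address is constructed for the example.

```python
"""Triage Cisco IOS syslog lines for %DATACORRUPTION-1-DATAINCONSISTENCY
and the traceback that follows it.

Added example, not Cisco code. It assumes the standard IOS message layout
"<timestamp>: %FACILITY-SEVERITY-MNEMONIC: text", optionally followed by a
"-Traceback= ..." line that may wrap onto a second line of hex words.
All log lines and traceback addresses below are constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Header of an IOS syslog message; the timestamp prefix is optional because
# "service timestamps log" may be disabled on the device.
MSG_RE = re.compile(
    r"^(?:(?P<ts>.*?):\s*)?%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
# Traceback line emitted after some messages: "-Traceback= 6011AB40 60123C88 ..."
TRACEBACK_RE = re.compile(r"^\s*-\s*Traceback=\s*(?P<addrs>.*)$")
# A wrapped continuation of a traceback consists only of hex return addresses.
HEX_WORDS_RE = re.compile(r"^[0-9A-Fa-f]+(?:\s+[0-9A-Fa-f]+)*$")


@dataclass
class Event:
    timestamp: str
    facility: str
    severity: int  # 0 = emergency ... 7 = debug, as in IOS
    mnemonic: str
    text: str
    traceback: list[str] = field(default_factory=list)


def parse_syslog(lines: list[str]) -> list[Event]:
    """Turn raw log lines into Event records, attaching a traceback to the
    message that immediately precedes it."""
    events: list[Event] = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = MSG_RE.match(line)
        if m:
            events.append(Event(m["ts"] or "", m["facility"], int(m["severity"]),
                                m["mnemonic"], m["text"]))
            continue
        t = TRACEBACK_RE.match(line)
        if t and events:
            events[-1].traceback.extend(t["addrs"].split())
        elif events and events[-1].traceback and HEX_WORDS_RE.match(line.strip()):
            events[-1].traceback.extend(line.split())
        # Anything else (register dumps such as "addr=0x28, pc=..." after
        # %ALIGN-1-FATAL) is not a message header and is ignored here.
    return events


def data_inconsistency_events(events: list[Event]) -> list[Event]:
    """The message this caveat introduces: not packet corruption, but an early
    indicator that should be collected with show tech-support."""
    return [e for e in events
            if e.facility == "DATACORRUPTION" and e.mnemonic == "DATAINCONSISTENCY"]


def actionable_events(events: list[Event], max_severity: int = 3) -> list[Event]:
    """Messages at severity 0-3 (emergency through error) worth noting to the
    support contact alongside the DATAINCONSISTENCY message."""
    return [e for e in events if e.severity <= max_severity]


SAMPLE_LOG = [  # constructed sample; the addresses are placeholders
    "May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error",
    "-Traceback= 60A1B2C4 60A1B3D8 60A2F010 60A30C5C 60A31D80",
    "60A3320C 60A34F44",
    "May 17 10:01:28.002 UTC: %SYS-5-CONFIG_I: Configured from console by vty0",
    "May 17 10:02:01.410 UTC: %HA-3-SYNC_ERROR: Parser no match.",
    "May 17 10:02:01.411 UTC: %HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).",
]

if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_LOG)
    for e in data_inconsistency_events(evs):
        print(f"{e.timestamp}: %{e.facility}-{e.severity}-{e.mnemonic}: {e.text}")
        print("  traceback:", " ".join(e.traceback))
    others = [e.mnemonic for e in actionable_events(evs) if e.mnemonic != "DATAINCONSISTENCY"]
    print("other severity<=3 messages to report:", others)
```

The timestamp is kept as the free text before the message header rather than parsed into a datetime, because IOS timestamps vary with the "service timestamps" configuration and the point here is to keep the message and its traceback together for the service request.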
IBM Connectivity
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml.
Miscellaneous
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
•CSCsb12598
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsb93407
Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.
Conditions: This symptom occurs after H323 is disabled using the following configuration commands:
voice service voip
h323
call service stop
Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.
For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html
For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.
For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/products/ps6642/products_white_paper0900aecd804fa16a.shtml.
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.
Workaround: There is no workaround.
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd85587
A vulnerability has been discovered in a third-party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Service Module (FWSM) CSCsi97695
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
•CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•CSCse45425
Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.
•CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
•CSCse68138
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Readiness Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
•CSCsg16908
Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
These vulnerabilities do not apply to the IOS FTP Client feature.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled (the HTTPS server).
Workaround: Disable the HTTPS server by entering the no ip http secure-server global configuration command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi67763
The U.S. Computer Emergency Readiness Team (US-CERT) has reported a network evasion technique using full-width and half-width Unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width Unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
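The evasion described above, as an added example that is not part of the release notes or of any Cisco product: an ASCII-only signature misses a probe whose printable ASCII has been rewritten as the full-width forms U+FF01 through U+FF5E, while the same signature applied after Unicode compatibility normalization (NFKC, which folds full-width and half-width forms to their canonical characters) catches it. The sample requests, the signature and the helper names are constructed for the example.

```python
import re
import unicodedata

def to_fullwidth(text: str) -> str:
    """Rewrite printable ASCII (0x21-0x7E) as its full-width forms (U+FF01-U+FF5E).
    This is the attacker-side transformation; characters outside that range are kept."""
    return "".join(
        chr(ord(c) - 0x21 + 0xFF01) if 0x21 <= ord(c) <= 0x7E else c
        for c in text
    )

# Constructed sample request lines (not captured traffic): a plain traversal probe,
# the same probe encoded with full-width characters, and a benign request.
PROBE = "GET /scripts/..%2f../winnt/system32/cmd.exe HTTP/1.1"
SAMPLE_REQUESTS = [
    PROBE,
    to_fullwidth(PROBE),
    "GET /index.html HTTP/1.1",
]

# A naive signature as an IPS might carry it: an ASCII-only pattern.
SIGNATURE = re.compile(r"cmd\.exe", re.IGNORECASE)

def naive_match(request: str) -> bool:
    """Match the raw request against the ASCII signature (evadable)."""
    return SIGNATURE.search(request) is not None

def fold_width(text: str) -> str:
    """Fold full-width and half-width compatibility forms to canonical characters.
    NFKC maps U+FF23 'Ｃ' to 'C', U+FF0F '／' to '/', U+FF0E '．' to '.', and so on."""
    return unicodedata.normalize("NFKC", text)

def normalized_match(request: str) -> bool:
    """Match after normalization, so width-encoded variants hit the same signature."""
    return SIGNATURE.search(fold_width(request)) is not None

def scan(requests):
    """Return (naive_hits, normalized_hits) so the two detectors can be compared."""
    naive = sum(1 for r in requests if naive_match(r))
    normalized = sum(1 for r in requests if normalized_match(r))
    return naive, normalized

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"naive={naive_match(req)!s:5} normalized={normalized_match(req)!s:5} {req}")
    print("hits (naive, normalized):", scan(SAMPLE_REQUESTS))
```

The point of the comparison is that the inspection engine must normalize the way the protected server decodes: a server that accepts full-width input but an IPS that matches only the raw bytes leaves the signature blind to the encoded probe, which is the mismatch the US-CERT note describes.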
TCP/IP Host-Mode Services
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Apply access lists at the edge of your network that block rsh/RCP traffic (TCP port 514) so that spoofed packets cannot reach the router. Use another protocol such as SCP instead of RCP. Apply VTY ACLs.
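Several of the caveats in this section (CSCsg16908, CSCsg40567, CSCsf04754 and CSCse05736) concern optional services that are disabled by default, so the first check on a fleet is whether a device actually has them configured. The following script is an added example, not Cisco code: it scans a saved running-config for the enabling commands named in those caveats and, for RCP, emits an edge ACL of the kind the workaround above calls for. The sample configuration is constructed, the regular expressions only recognise the command forms shown, and the assumption that rsh/RCP uses TCP port 514 is stated in the code.

```python
import re

# Constructed sample running-config (not from a real device); it enables several
# of the optional services that the caveats above discuss.
SAMPLE_CONFIG = """\
hostname edge-rtr
!
ftp-server enable
ftp-server write-enable
ip http secure-server
ip rcmd rcp-enable
ip rcmd remote-host admin 192.0.2.10 admin enable
snmp-server group NETMGMT v3 priv
snmp-server user monitor NETMGMT v3 auth sha s3cret priv aes 128 s3cret
ipv6 unicast-routing
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
 ipv6 address 2001:db8::1/128
!
line vty 0 4
 transport input ssh
"""

# (bug ID from this section, pattern for the enabling command, what it means, mitigation as stated above)
# Patterns are anchored at the start of the line, so "no ip http secure-server" does not match.
CHECKS = [
    ("CSCsg16908", re.compile(r"^ftp-server enable\b"),
     "IOS FTP server enabled", "no ftp-server enable"),
    ("CSCsg40567", re.compile(r"^ip http secure-server\b"),
     "HTTPS server enabled; malformed SSL packets may leak memory", "no ip http secure-server"),
    ("CSCsf04754", re.compile(r"^snmp-server (?:group \S+|user \S+ \S+) v3\b"),
     "SNMPv3 configured", "see cisco-sa-20080610-snmpv3 for workarounds"),
    ("CSCse05736", re.compile(r"^ip rcmd rcp-enable\b"),
     "RCP enabled", "block rsh/RCP at the edge, prefer SCP, apply VTY ACLs"),
]

def audit(config_text: str):
    """Return one finding per matching config line: {bug, line, issue, workaround}."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        for bug_id, pattern, issue, workaround in CHECKS:
            if pattern.match(line):
                findings.append({"bug": bug_id, "line": line,
                                 "issue": issue, "workaround": workaround})
    return findings

def exposed_bug_ids(config_text: str):
    """Sorted, de-duplicated list of the bug IDs whose enabling command is present."""
    return sorted({f["bug"] for f in audit(config_text)})

def rcp_trusted_hosts(config_text: str):
    """IP addresses named in 'ip rcmd remote-host' lines: the only sources that should reach TCP 514."""
    hosts = re.findall(r"^ip rcmd remote-host \S+ (\S+)", config_text, re.MULTILINE)
    return sorted(set(hosts))

RSH_PORT = 514  # assumption stated for the example: rsh, which RCP rides on, listens on TCP 514

def rcp_edge_acl(trusted_hosts, name="BLOCK-RCP"):
    """IOS extended ACL lines that admit rsh/RCP only from the trusted hosts and drop it from elsewhere."""
    lines = [f"ip access-list extended {name}"]
    for host in trusted_hosts:
        lines.append(f" permit tcp host {host} any eq {RSH_PORT}")
    lines.append(f" deny tcp any any eq {RSH_PORT}")
    lines.append(" permit ip any any")
    return lines

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['bug']}: {f['issue']} <- '{f['line']}' ; mitigation: {f['workaround']}")
    if "CSCse05736" in exposed_bug_ids(SAMPLE_CONFIG):
        print("\n".join(rcp_edge_acl(rcp_trusted_hosts(SAMPLE_CONFIG))))
```

The audit only tells you that a service is configured, which is the precondition each caveat states; whether the running image carries the fix still has to be checked against the release in which the caveat is listed as resolved. The generated ACL is applied inbound on the edge interfaces, not on the router's own VTY lines, because RCP does not traverse the VTY ACL.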
Resolved Caveats—Cisco IOS Release 12.3(19)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(19). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(19). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCea36491
Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.
Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.
Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.
•CSCee41892
Symptoms: A VIP4-80 card may fail to load the Cisco IOS software image. When this situation occurs, the following error messages are generated:
%DBUS-3-SW_NOTRDY: DBUS software not ready after HARD_RESET, elapsed 13056,
status 0x0
%DBUS-3-WCSLDERR: Slot 2, error loading WCS, status 0x4 cmd/data 0xDEAD pos 97
%DBUS-3-WCSLDERR: Slot 2, error loading WCS, status 0x4 cmd/data 0xDEAD pos 99
%UCODE-3-LDFAIL: Unable to download ucode from system image in slot 2, trying
rom ucode
%RSP-3-NOSTART: No microcode for VIP4-80 RM7000 card, slot 2
Conditions: This symptom is observed on a Cisco 7500 series when you enter the microcode reload command.
Workaround: There is no workaround.
Further Problem Description: The symptom may also occur because of improperly installed line cards. If this situation occurs, re-install the line cards.
•CSCef68681
Symptoms: A CBUS complex may occur, causing all VIPs to reload and to be reconfigured. In turn, this situation prevents the router from being accessible for 30 seconds.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0S when you change the MTU of an already existing interface or when you add a new interface. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCej57779
Symptoms: A reload of a Cisco 7600 router with a very large number (for example, 1000) of VRFs configured with BGP/VPN learning redistributed routes may cause some VRFs not to learn redistributed routes from the peer.
Conditions: The number of configured VRF should be huge. This symptom has been observed in Cisco IOS Release 12.2SRA. This symptom is not applicable to Cisco IOS Release 12.4.
Workaround: The symptom can be resolved on a per-VRF basis by removing the VRF instance and the BGP/VPN configuration for this instance and then adding them back.
•CSCek32365
Symptoms: A Cisco 7500 series that is configured with more than two VIP 4-80 or VIP 6-80 processors may crash during the boot process and may not boot at all.
Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS software image that includes the fix for caveat CSCei45236. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCei45236. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCek36902
Symptoms: A Cisco 7500 series may generate a "%CBUS-3-CMDONPROC" error message and a traceback.
Conditions: This symptom is observed on a Cisco 7500 series with a Fast Serial Interface Processor (FSIP) when you perform an OIR.
Workaround: There is no workaround.
•CSCsb14371
Symptoms: A Cisco 7500 series may log the following error message even if no VIP is installed in slot 0:
%IPC_RSP_CBUS-3-NOHWQ: Hardware queue for card at slot 0 not found
Conditions: This symptom is observed after a crash of another VIP has occurred. Sometimes the symptom occurs when a VIP is installed in slot 0 but most of the time there is no VIP in slot 0 when the symptom occurs.
Workaround: There is no workaround.
•CSCsc19289
Symptoms: MC-T1 is disabled and wedged when changing the MTU size on the MC-T1 interface.
Conditions: This symptom has been observed when dLFIoLL is configured on a Cisco 7500 router and the MTU size on the MC-T1 serial interface is changed.
Workaround: Remove and reinsert the MC-T1, or reload the microcode on the MC-T1.
•CSCsc70055
Symptoms: A Cisco 7200 series may crash when you perform a graceful OIR of a port adapter that is processing traffic.
Conditions: This symptom is observed mostly when the port adapter processes ingress traffic.
Workaround: Do not perform a graceful OIR. Rather, perform a manual OIR.
•CSCsd63874
Symptoms: A traceback may occur in the "send_link_monitor_config_cmd" function and the following error message may be generated:
%CBUS-3-CMDONPROC: Cmd not interrupt protected
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
Interfaces and Bridging
•CSCek27126
Symptoms: A router may crash when you remove a label-controlled ATM (LC-ATM) subinterface and may generate an "%ALIGN-1-FATAL: Corrupted program counter" error message.
Conditions: This symptom is observed on a Cisco 7200 series but may be platform-independent.
Workaround: Shut down the main interface before you remove the subinterface.
•CSCsc66187
Symptoms: Error messages such as the following one may be generated on a Cisco 7500 series or Cisco 7600 series:
%CWPA-3-IPCALLOCFAIL: Failed to allocate IPC buffer for loveletter data
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series that are configured with a 1-port Packet-over-SONET OC-3c/STM-1 multimode port adapter (PA-POS-OC3MM) when you enter the no shutdown interface configuration command on the interface.
Workaround: There is no workaround.
•CSCsd40136
Symptoms: POS interfaces may remain in the up/down state after the router is upgraded to Cisco IOS interim 121-26.E6 image.
Conditions: This symptom has been observed on Cisco Catalyst 6500 series and Cisco 7600 series routers.
Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.
•CSCsd41989
Symptoms: A T3 controller remains down when loopback local is configured.
Conditions: This symptom is observed on a Cisco platform that is configured with a channelized T3 port adapter when the T3 controller is in an unavailable seconds (UAS) state.
Workaround: Remove the cause of the UAS state for the T3 controller.
•CSCsd63918
Symptoms: A router reloads unexpectedly when you enter the bridge-group bridge-group command as part of an ATM PVC configuration.
Conditions: This symptom is observed on a Cisco router that is configured with an ATM port adapter such as a PA-A2 port adapter.
Workaround: There is no workaround.
IP Routing Protocols
•CSCee83549
Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.
Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.
Workaround: Clear or readvertise the route that is inoperative.
•CSCek25582
Symptoms: Spurious memory accesses may be (continuously) generated at the "igmp_process_timers" function.
Conditions: This symptom is observed on a Cisco router that is configured for multicast routing.
Workaround: There is no workaround.
•CSCek32244
Symptoms: Not all classful networks are locally generated in the BGP table.
Conditions: This symptom is observed on a Cisco router that has the auto-summary command enabled and occurs when classful networks are provided before the routes are made available in the routing table.
Workaround: There is no workaround.
•CSCek33991
Symptoms: A router may reset unexpectedly when an interface is deleted from another vty connection while the router is still outputting the results of the show interface dampening command.
Conditions: This symptom can be encountered when concurrent connections are open to a router and the show interface dampening command is issued on one connection while one or more interfaces are deleted on another.
Workaround: Ensure that interfaces with dampening configured are not deleted while the show interface dampening command may be in progress on another vty.
•CSCsc56595
Symptoms: When an OSPFv3 router has more IPv6 prefixes in a single OSPFv3 area than can be advertised in a single intra-area prefix Link State Advertisement (LSA) that is small enough to be advertised via the normal IPv6 Maximum Transmission Unit (MTU), the additional IPv6 prefixes are not advertised.
Conditions: This symptom is observed when many interfaces with IPv6 global addresses are configured in a single OSPFv3 area, so that the intra-area prefix LSA needed to carry all of them would exceed the normal IPv6 interface MTU.
Workaround: Spread the IPv6 interfaces over multiple OSPFv3 areas.
•CSCsc78813
Symptoms: While using NAT in an overlapping network configuration, the IP address inside a DNS reply payload from the nameserver is not translated at the NAT router.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(18) and that has the ip nat outside source command enabled. The symptom could also occur in Release 12.4 or Release 12.4T.
Workaround: There is no workaround.
•CSCsd11019
Symptoms: A Cisco IOS router with OSPFv3 and a virtual link configured may crash when there is a switchover.
Conditions: This symptom is observed on Cisco platforms supporting switchover when OSPFv3 is configured with the area transit-area-id virtual-link transit-router-id command.
Workaround: There is no workaround.
•CSCsd15770
Symptoms: High CPU utilization occurs during PPPoEoQinQ session setup.
Conditions: This symptom occurs when Internet Group Management Protocol (IGMP) is enabled.
Workaround: There is no workaround.
•CSCsd16043
Symptoms: A Cisco IOS platform that is configured for Auto-RP in a multicast environment may periodically lose the RP to group mappings.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(17) when the RP drops the Auto-RP announce messages, which is shown in the output of the debug ip pim auto-rp command. This situation may cause a loss of multicast connectivity while the RP mappings are purged from the cache. See the following output example:
Auto-RP(0): Received RP-announce, from ourselves (X.X.X.x), ignored
Note that the symptom may also affect Cisco IOS Release 12.4 and Release 12.4T.
Workaround: Create a dummy loopback interface with an IP address that is not used anywhere else in the network, and use the ip mtu command to set the MTU of the RP interface to 1500 and the MTU of the dummy loopback interface to 570, as in the following examples:
interface Loopback1
ip address 10.10.10.10 255.255.255.255
ip mtu 570
ip pim sparse-mode
end
(This example assumes that the Auto-RP interface is loopback 0.)
interface Loopback0
ip address 10.255.1.1 255.255.255.255
ip mtu 1500
ip pim sparse-dense-mode
end
ISO CLNS
•CSCsb89900
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: Corrupted timer data structures may cause tracebacks in an IS-IS environment.
Condition 1: This symptom is observed when an IS-IS instance is configured for IPv6 interfaces only, when the IS-IS instance has a passive interface, and when you take the following actions:
–You enter the no router isis command.
–You then re-enable IS-IS, including on the passive interface, which then becomes an active IPv6 interface.
Workaround 1: Do not configure a passive interface if an IS-IS instance is configured for IPv6 interfaces only. If you must configure a passive interface in such an IS-IS instance, do not enable IS-IS on this passive interface after you have disabled IS-IS globally via the no router isis command.
Symptom 2: IS-IS may crash or function unreliably because of uninitialized or freed data structures.
Condition 2: This symptom is observed when a passive interface is configured and when the following actions occur:
–IS-IS is disabled on all interfaces (whether IPv4 or IPv6 interfaces), one by one.
–Then, the no router isis command is entered to disable IS-IS globally.
–Next, IS-IS is globally enabled and the passive interface is made active via the ip router isis or ipv6 router isis command.
Workaround 2: Do not use a passive interface in an IS-IS environment. If you must use a passive interface in an IS-IS environment, avoid the sequence of actions that is described in Condition 2.
Miscellaneous
•CSCdz18851
Symptoms: When you reload microcode onto a line card or perform an OIR of a line card, a spurious memory access error may be logged on some or all other line cards in the router.
Conditions: This symptom is observed on a Cisco router that is configured for IPv6 dCEF when an IPv6 route is loadbalanced across two equal cost paths that both leave the router on interfaces of the same line card, which is the line card onto which you reload microcode or on which you perform an OIR.
Workaround: There is no workaround.
•CSCec15400
Symptoms: A Versatile Interface Processor 4 (VIP4) with an E1 controller may reload unexpectedly and display the following error message:
%ALIGN-1-FATAL: Illegal access to a low address
addr=0x28, pc=0x604716A8, ra=0x604711FC, sp=0x60D66628
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(15)T2, Release 12.2(15)T5, or Release 12.3.
Workaround: There is no workaround.
•CSCeg55213
Symptoms: Ethernet VLAN data counters may not be updated for a virtual circuit (VC) that is configured for Xconnect.
Conditions: This symptom is observed on a Cisco platform that has the EoMPLS VLAN mode enabled.
Workaround: There is no workaround.
•CSCeh85133
Symptoms: A memory leak may occur when an SNMP trap is sent to a VRF destination. The output of the show processes memory command shows that the memory that is held by the process that creates the trap increases, and eventually causes a MALLOC failure. When this situation occurs, you must reload the platform.
Conditions: This symptom is platform-independent and occurs in a configuration in which at least one VRF destination has the snmp-server host command enabled.
Workaround: Ensure that no VRF is associated with the snmp-server host command.
•CSCei05246
Symptoms: After an OIR of a PA-MC-E3 port adapter that is installed in a VIP6-80, the serial interfaces do not transmit. The message "not transmitting" is generated, followed by "output frozen." After these messages, a CBUS complex occurs.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
•CSCei21877
Symptoms: The first modem in a service processing element (SPE) is marked busy and the state of the SPE is reported as BAD.
Conditions: This symptom is observed on a Cisco AS5800 that is configured with MICA modems.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected SPE to recover the modem from the busy state.
•CSCej27978
Symptoms: A CE router that is configured for VRFLite does not receive Auto-RP mappings.
Conditions: This symptom is observed when MDS is enabled on the multilink interface that connects the CE router and the PE router.
Workaround: Configure process switching on the multilink interface that connects the CE router and the PE router by entering the no ip mroute-cache interface configuration command.
•CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
Conditions: This DDTS resolves one symptom of CSCec71950. Cisco IOS images that already include the fix for CSCec71950 are not at risk of this crash.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue, and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory, Crafted IP Option Vulnerability, for workaround information:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
•CSCek33253
Symptoms: NextPort modems that function in a T1 CAS signaling configuration do not dial all the DTMF digits successfully.
Conditions: This symptom is observed when you enter valid DTMF digits such as # and * in a dial string.
Workaround: Use MICA modems instead of NextPort modems.
Alternate Workaround: Use ISDN PRI T1 instead of T1 CAS signaling.
•CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
•CSCin86885
Symptoms: A VIP6-80 in which a PA-MC-STM-1SMI is installed may crash.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS interim release for Release 12.0(31)S after link flaps occur on the PA-MC-STM-1SMI that has QOS configured on its serial interfaces.
Workaround: There is no workaround.
•CSCin95988
Symptoms: When a single DSP is used to make both a modem call and a fax-relay call, the calls fail, and tracebacks are generated on the terminating gateway (TGW).
Conditions: This symptom is observed on Cisco platforms that are running Cisco IOS Release 12.3(13b) or Release 12.3(16) in the following topology:
Call originator---T1---OGW---VoIP---TGW---T1 PRI---call recipient
Workaround: Use different DSPs for modem and fax-relay calls.
•CSCsa61635
Symptoms: A Cisco router may reload unexpectedly because of a bad block pointer.
Conditions: This symptom is observed on a Cisco 3660 that has a GRE tunnel configuration. The symptom may be platform-independent.
Workaround: There is no workaround.
•CSCsa63173
Symptoms: CEF may not be updated with a new path label that is received from a BGP peer.
Conditions: This symptom is observed when a Cisco router that is configured for IPv4 BGP Label Distribution and multipath receives a BGP update that changes only the MPLS label of a non-bestpath multipath. In this situation, the router does not update the forwarding plane, causing traffic to be dropped or mislabeled because of label inconsistencies between the BGP table and the forwarding table.
Workaround: There is no workaround.
•CSCsb52900
Symptoms: An inconsistency may occur in the outlabel information that is used by BGP and MPLS forwarding.
Conditions: This symptom is observed when there are two route reflectors (RRs) that advertise the same route and when one of the routes is the best path. The symptom occurs when the following conditions are present:
–The PE router that is the source restarts, causing the prefix to be readvertised with a new label.
–The RR that forms the non-best path delays the withdrawal and readvertisement of the prefix, for example, because the RR has a heavy load.
This situation causes BGP to function with the new label but MPLS forwarding to function with the old label.
Workaround: Enter the clear ip route network command for the affected prefix.
•CSCsb67539
Symptoms: A Voice Gateway crashes when running under a heavy voice call load.
Conditions: This symptom is observed on a Voice Gateway that is running Cisco IOS Release 12.3(11)T6. The gateway is under heavy voice call load with access to media/application documents residing on local gateway flash, http and tftp servers.
Workaround: There is no true workaround. Configuring a CPU-based call threshold can ease the CPU load on the gateway and reduce the probability of a crash:
call threshold global cpu-5sec low value high value
For example:
call threshold global cpu-5sec low 50 high 70
•CSCsc35024
Symptoms: A Cisco 2600 series with an E1 WIC may crash when you enter the channel-group timeslots command.
Conditions: This symptom is observed when the router runs Cisco IOS Release 12.3(15b) or an earlier release, when a service policy is applied on a subinterface, and when traffic is being processed by the router. The symptom could occur in Release 12.4 or Release 12.4T.
Workaround: Remove the service policy before you change the time slot.
•CSCsc40236
Symptoms: Incorrect outgoing labels are installed for BGP-IPv4 Multipath prefixes.
Conditions: This symptom has been observed whenever a label changes from a BGP-IPv4 Multipath peer.
Workaround: Clearing the BGP neighbor should allow the correct labels to be installed.
•CSCsc65165
Symptoms: A Cisco 7200 series reloads unexpectedly when you enter the hw-module slot slot-number stop command for a T3 port adapter.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with 100 EzVPN IVRFs on a DS3 interface of the T3 port adapter.
Workaround: There is no workaround.
•CSCsc76061
Symptoms: When PPPoA and a virtual template are used, ARP requests are not bridged from a LAN through a DSL connection.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)YI3 or Release 12.4(4)T when BVI is configured to bridge remote LANs to DSL connections that use PPPoA with virtual templates and aal5ciscoppp encapsulation. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCsc84858
Symptoms: A router may crash because of a bus error when you enter the no policy-map command.
Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G1 and that runs Cisco IOS Release 12.3(10c). The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCsc94359
Symptoms: The BGP table and CEF forwarding table may have mismatched labels for prefixes that are learnt from a remote PE router.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when an eBGP session flap or route flap occurs on the remote PE router. A new label for the prefix is learnt from the remote PE router, but forwarding may not be updated properly.
Workaround: There is no workaround. When the symptom has occurred, and to correct the situation, enter the clear ip route vrf vrf-name network command on the PE router that has mismatched labels.
•CSCsd02602
Symptoms: All channels on a multichannel T3 port adapter may go down. The router may then reload unexpectedly due to a software forced crash. If not, all of the channels in the T3 may stay down until corrective action is taken.
The following message may appear one or more times in the router or VIP log:
%CT3-3-MBOXSENDM: Failed to send msg MBOXP_MSG_T1_DISABLE to bay 1 firmware
On a Cisco 7200 router, the following messages may be seen in the log:
CT3SW WatchDog not cleared, WatchDog = 2
CT3SW WatchDog not cleared, WatchDog = 3
On a Cisco 7500 router, the following messages may be seen in the log:
%CT3 5/8: Illegal Love Letter, cmd 0
%CT3 5/9: Illegal Love Letter, cmd 0
Conditions: This symptom affects routers that use two-port multichannel T3 port adapters, the PA-MC-2T3 and the PA-MC-2T3+. The symptom occurs when one or more of the T1s in either T3 sees framing errors. One-port multichannel T3 port adapters, the PA-MC-T3 and the PA-MC-T3+, are not affected.
Workaround: There is no workaround to prevent this problem. Possible corrective actions are listed below:
Possible corrective actions for the Cisco 7200 router:
1. Remove and reinsert the affected port adapter.
2. Simulate removal and reinsertion with these EXEC mode commands, in sequence:
hw-module slot slot-number stop
hw-module slot slot-number start
3. Reload the router.
Possible corrective actions for the Cisco 7500 router:
1. Remove and reinsert the VIP with the affected port adapter.
2. Use the configuration mode command: microcode reload
3. Reload the router.
•CSCsd04075
Symptoms: A Cisco IOS Voice over IP gateway that terminates fax calls may have its voice ports lock up and not accept any new calls. The following messages may (but need not) appear on the console or in the syslog, if applicable:
%HPI-3-CODEC_NOT_LOADED: channel:2/0/0 (171) DSP ID:0x1, command failed as
codec not loaded 0
- Traceback= 615D2FA8 615C8528 617D5044 617D5258 61BBCD44 61BBD764 617BAE88
617BBD38 6138720C
Conditions: This symptom is observed on a Cisco 3600 series router but is not platform dependent.
Workaround: Disabling T.38 and using passthrough resolves the issue.
•CSCsd08862
Symptoms: A router may crash because of a bus error when you enter the show interface command for a virtual-access interface or subinterface.
Conditions: This symptom is observed when you enter the show interface command while a session that is associated with the virtual-access interface or subinterface is being cleared.
Workaround: There is no workaround.
•CSCsd11646
Symptoms: On a router that runs Multiprotocol Label Switching (MPLS), the "%SYS-3-OVERRUN:" and "%SYS-6-BLKINFO" error messages may be generated and a software-forced crash may occur on the router.
Conditions: This symptom is observed when you enter the show mpls ldp discovery command under the following conditions:
–There are multiple LDP adjacencies configured through one interface.
–The adjacencies between peers through this interface have not been fully established for some peers.
–The unestablished LDP adjacencies are coming up while you enter the show mpls ldp discovery command.
Workaround: Do not enter the show mpls ldp discovery command while multiple LDP adjacencies are coming up. Rather, enter the show mpls ldp neighbor [detail] command while multiple LDP adjacencies are coming up.
•CSCsd15546
Symptoms: A Cisco router that is configured as a DHCP relay may not append option 82 (that is, the Relay Agent option), even when the router is configured to do so in the following way:
ip dhcp relay information option
no ip dhcp relay information check
ip dhcp relay information trust-all
Conditions: This symptom is observed when the DHCP message contains an invalid option according to RFC 2132; for example, option 12 with length 0.
Workaround: Ensure that the DHCP messages that are sent to the Cisco router that functions as a DHCP relay contain valid options. If you cannot ensure this, there is no workaround.
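The relay behaviour above hinges on whether a DHCP message's option section is well formed under RFC 2132. As an added example that is not Cisco's code and not part of these release notes, the following Python validator parses the option section of a DHCP message and reports every option whose length violates the RFC 2132 rule, exercised on a constructed DISCOVER with a valid host name and on one carrying option 12 with length 0; the rule table is an assumed subset of option codes and the helper names are hypothetical.

```python
"""Validate the option section of a DHCP message against RFC 2132 length
rules. Constructed example, not Cisco code; OPTION_RULES covers only a
handful of common options (an assumption for illustration)."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236  # fixed BOOTP/DHCP header that precedes the magic cookie

# code -> (name, minimum length, step). A length is valid when it equals
# minimum + k*step for some k >= 0; step 0 means the length is fixed.
OPTION_RULES = {
    1: ("Subnet Mask", 4, 0),
    3: ("Router", 4, 4),
    6: ("Domain Name Server", 4, 4),
    12: ("Host Name", 1, 1),
    51: ("IP Address Lease Time", 4, 0),
    53: ("DHCP Message Type", 1, 0),
    54: ("Server Identifier", 4, 0),
    55: ("Parameter Request List", 1, 1),
    61: ("Client-identifier", 2, 1),
    82: ("Relay Agent Information", 2, 1),  # RFC 3046: at least one sub-option header
}


def parse_dhcp_options(message):
    """Return a list of (code, data) tuples from a raw DHCP message.
    Pad (0) is skipped and End (255) stops parsing. Raises ValueError on a
    missing cookie, a truncated option, or a missing End option."""
    cookie = message[HEADER_LEN:HEADER_LEN + 4]
    if len(message) < HEADER_LEN + 4 or cookie != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options = []
    i = HEADER_LEN + 4
    while i < len(message):
        code = message[i]
        if code == 0:        # pad option, single byte
            i += 1
            continue
        if code == 255:      # end option
            return options
        if i + 1 >= len(message):
            raise ValueError("option %d truncated: no length byte" % code)
        length = message[i + 1]
        data = message[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("option %d truncated: length %d runs past the message" % (code, length))
        options.append((code, data))
        i += 2 + length
    raise ValueError("End option (255) missing")


def find_invalid_options(message):
    """Return a human-readable finding for every option whose length
    violates its OPTION_RULES entry. An empty list means no rule was broken;
    options absent from the table are not judged."""
    findings = []
    for code, data in parse_dhcp_options(message):
        rule = OPTION_RULES.get(code)
        if rule is None:
            continue
        name, min_len, step = rule
        n = len(data)
        if n < min_len:
            findings.append("option %d (%s): length %d below minimum %d" % (code, name, n, min_len))
        elif step == 0 and n != min_len:
            findings.append("option %d (%s): length %d, expected exactly %d" % (code, name, n, min_len))
        elif step and (n - min_len) % step:
            findings.append("option %d (%s): length %d not a multiple of %d" % (code, name, n, step))
    return findings


def build_discover(option_bytes):
    """Construct a minimal DHCPDISCOVER (constructed sample values) that
    carries the given raw option bytes, terminated by an End option."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         b"\x00\x0c\x29\xaa\xbb\xcc".ljust(16, b"\0"),
                         b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + option_bytes + b"\xff"


# Constructed sample: a well-formed DISCOVER with message type, host name
# and a parameter request list.
GOOD_DISCOVER = build_discover(
    b"\x35\x01\x01"             # 53, len 1: DHCPDISCOVER
    + b"\x0c\x04host"           # 12, len 4: host name "host"
    + b"\x37\x03\x01\x03\x06"   # 55, len 3: ask for subnet mask, router, DNS
)

# Constructed sample of the malformed case the caveat describes: option 12
# present with length 0, which RFC 2132 does not allow.
BAD_DISCOVER = build_discover(
    b"\x35\x01\x01"
    + b"\x0c\x00"               # 12, len 0: invalid (minimum length is 1)
    + b"\x37\x03\x01\x03\x06"
)

if __name__ == "__main__":
    for label, msg in (("good", GOOD_DISCOVER), ("bad", BAD_DISCOVER)):
        print(label, find_invalid_options(msg) or "no RFC 2132 length violations")
```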
•CSCsd21567
Symptoms: Packets are route-cache switched instead of distributed-cache switched.
Conditions: This symptom occurs in Cisco IOS Release 12.3 when distributed-cache switching is enabled but packets are nevertheless route-cache switched.
Workaround: There is no workaround.
•CSCsd38693
Symptoms: Renaming a file to a string that contains multiple trailing dots ("." characters) corrupts the file system on ATA, CF, and USB flash storage devices.
Conditions: This symptom is observed when you enter the following commands to rename the file:
rename disk0:file2 disk0:file3...
Workaround: Avoid renaming a file that contains multiple trailing "." characters. When the symptom has occurred and the file system is no longer accessible, you must reformat the disk by entering the format disk0: command.
•CSCsd40334
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
•CSCsd47671
Symptoms: A Cisco 7200 series router that is running Cisco IOS Release 12.3(17) may experience an Output stuck condition on PVCs that are running on PA-A3-8T1-IMA. The condition results in all traffic over affected PVCs ceasing to pass.
show queueing int atm1/ima0 may report:
Interface ATM1/ima0 VC 1/41
Queueing strategy: fifo
Output queue 40/40, 9156 drops per VC
Conditions: See the following:
1. Issue is reproducible in TAC Labs that are running Cisco IOS Release 12.3(17a).
2. Issue is not reproducible in TAC Labs that are running Cisco IOS Release 12.4(5a).
3. During the problem, after interfaces are wedged, doing the shut command followed by the no shut command on the logical IMA interface results in the interface showing down/down (disabled).
Condition appears in all Cisco IOS versions that contain the fix for CSCee20451.
Workaround: See the following:
1. Reload Cisco 7200 series router.
2. Run Cisco IOS image that does not include the fix for CSCee20451.
•CSCsd51429
Symptoms: A Cisco router that is running SNASw and that has lost connectivity on an HPR-IP link shows the link state as active in the output of the show snasw link command. The message "%SNASW-4-LDLC_CTRL_LOG_1: EXCEPTION - 81 - LDLC command frame retry limit exceeded" appears, but the message "%SNASW-3-EVENT: Link station XXXX deactivated" does not. The mainframe product correctly shows the link as inactive.
The link cannot be reactivated. Trying to stop the link with the snasw stop link command leaves the link in Pending Inactive state.
Conditions: This symptom occurs when there is an outage between the SNASw router and the mainframe, such as an IP failure, interface failure, or mainframe reload.
Workaround: There is no workaround. The SNASw subsystem must be restarted with the snasw stop command followed by the snasw start command to clear the condition.
Further Problem Description: This problem was caused by a bad code fix in CSCej78434.
•CSCsd58381
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
•CSCsd65009
Symptoms: A spurious memory access is reported in the log after a new VRF is configured on a router that runs an MP-BGP session. The message is similar to the following example and is followed by a traceback:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60C55F6C reading 0x8
%ALIGN-3-TRACE: -Traceback= 60C55F6C 60607554 605E0858 605E5570 605E8E90
605E9A20 605EE870 605F87B0
Conditions: This symptom has been observed after adding a new VRF.
Workaround: There is no workaround.
Further Problem Description: This symptom does not cause any side effects. VRF can be applied to the interface and will work fine but tracebacks are reported after configuring it.
•CSCsd74000
Symptoms: A slot controller such as a slot controller of a VIP4-80 may reset because of a TLB (load or instruction fetch) exception.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(17b) or Release 12.4, that has T1 or E1 port adapters installed in the slot that is controlled by the slot controller that resets, and that has NBAR configured.
Workaround: Remove the NBAR configuration.
TCP/IP Host-Mode Services
•CSCsb51019
Symptoms: A TCP session does not time out but is stuck in the FINWAIT1 state and the following error message is generated:
%TCP-6-BADAUTH: No MD5 digest from x.x.x.x to y.y.y.y(179) (RST)
Conditions: This symptom is observed on a Cisco router that is configured for BGP and that is connected to a third-party vendor router after the BGP authentication password is changed on the Cisco router.
Workaround: Identify the BGP connection that is stale by entering the show tcp brief command and then clear the TCP control block.
Wide-Area Networking
•CSCek25684
Symptoms: When you remove a map group from an interface, the router may reload.
Conditions: This symptom is observed while Frame Relay SVC is coming up.
Workaround: Shut down the interface before you remove the map group from the configuration.
•CSCek28575
Symptoms: A router reloads at the "process_modem_command" function during a test that involves asynchronous media.
Conditions: This symptom is observed on a Cisco AS5400 but is not platform-dependent.
Workaround: There is no workaround.
•CSCsd01816
Symptoms: Multilink interfaces do not recover after a T1 link in a bundle flaps.
Conditions: This symptom is observed when two Cisco routers are connected back-to-back via two channelized OC-3 connections with 168 T1 links and when the multilink bundles are created with two T1 links each.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interfaces.
•CSCsd06510
Symptoms: Unexpected drops may occur in the Multilink Frame Relay (MFR) output hold queue. The drops persist under a very low (25 pps) transmit rate.
The MFR output hold queue may become congested, causing all traffic to fail.
After you have disabled the traffic source or shut down the ingress interface, the MFR output hold queue may take as long as 15 minutes to "drain."
Conditions: These symptoms are observed on a Cisco router when you run multicast traffic over GRE tunnel interfaces that in turn use an MFR interface for transport.
Workaround: Disable multicast fast-switching.
•CSCsd06518
Symptoms: A Cisco router may experience unexpected MFR output hold queue drops when running multicast traffic over GRE tunnel interfaces that in turn use a Multilink Frame Relay (MFR) interface for transport.
Drops persist under a very low (25 pps) transmit rate.
The MFR output hold queue may get into a congestion state that results in all traffic failing. Further, after disabling the traffic source or shutting down the ingress interface, the output hold queue may take as long as 15 minutes to "drain."
Conditions: This symptom is observed when using GRE tunnels for multicast traffic over MFR.
Workaround: Disable multicast fast switching.
•CSCsd28564
Symptoms: When adding or removing PPP over Frame Relay (PPPoFR) configuration on a Cisco 7500 series router, the following error message is displayed:
%RSP-3-RESTART: cbus complex
Conditions: This symptom occurs on a Cisco 7500 series router when PPPoFR configuration is added or removed.
Workaround: There is no workaround.
•CSCsd47777
Symptoms: Any PPP session that runs on a subinterface may crash.
Conditions: This symptom is observed with PPPoA, PPPoE, or VPDN sessions on a subinterface.
Workaround: Enter the no virtual-template subinterface command globally.
•CSCsd74130
Symptoms: When an HSSIRSET, SERRSET, or FDDIRSET error message is generated or when the output becomes stuck, a VIP does not come up during its first recovery attempt.
Conditions: This symptom is observed on a Cisco platform that is configured with a VIP when a CCB timeout occurs during an IDB reset or when the output becomes stuck.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(18a)
Cisco IOS Release 12.3(18a) is a rebuild release for Cisco IOS Release 12.3(18). The caveats in this section are resolved in Cisco IOS Release 12.3(18a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash may be seen during HTTP transactions with long URLs.
Conditions: The crash is seen when any token in the URL of the request is excessively long.
Workaround: Disable HTTP server using the no ip http server command.
•CSCse85200
Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.
Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.
The workaround is to disable CDP on interfaces where it is not necessary.
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
IBM Connectivity
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml
Miscellaneous
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
ip: 10.10.10.2 .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
•CSCsb12598
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
•CSCsb93407
Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.
Conditions: This symptom occurs after H323 is disabled using the following configuration commands:
voice service voip
 h323
  call service stop
Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.
For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html
For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.
For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/products/ps6642/products_white_paper0900aecd804fa16a.shtml.
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.
Workaround: There is no workaround.
•CSCsd58381
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect the IPv6 Type 2 Routing header, which is used in Mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently in use.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Service Module (FWSM) CSCsi97695
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
•CSCsd92405
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml
•CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•CSCse45425
Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.
•CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml
•CSCse68138
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
•CSCsg16908
Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
This vulnerability does not apply to the IOS FTP Client feature.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the secure HTTP server with the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi01470
A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
TCP/IP Host-Mode Services
•CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Wide-Area Networking
•CSCei00766
Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(18)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(18). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(18). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsc19289
Symptoms: An MC-T1 is disabled and wedged when the MTU size on the MC-T1 interface is changed.
Conditions: This symptom has been observed when dLFIoLL is configured on a Cisco 7500 router and the MTU size on the MX-serial interface is changed.
Workaround: Remove and replace the MC-T1, or perform a micro reload of the MC-T1.
•CSCsc27615
Symptoms: RSP QAERROR is seen with a VIP crash and MEMD carve due to standby OIR or another VIP crash at close intervals.
Conditions: This symptom is observed on Cisco 7500 series routers.
Workaround: There is no workaround.
•CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
•CSCsc70055
Symptoms: Cisco 7200 routers with traffic-carrying port adapters (PA) may crash when a Graceful OIR is done on the traffic-carrying port adapter.
Conditions: The following conditions may result in a crash of the Cisco 7200 router:
1. Graceful OIR must be done.
2. The PA must be carrying traffic and the symptom occurs mostly with ingress traffic on the PA.
Workaround: Perform a manual OIR.
•CSCsc81440
Symptoms: A Cisco router may reload after stopping the probe, changing the history, enhanced-history, collection, or distribution statistics configuration, and starting the probe again.
Conditions: The following changes will cause the problem:
–Increase the bucket number, samples-of-history-kept or life of the history/pathHistory statistics table.
–Increase distributions-of-statistics-kept, hours-of-statistics-kept, or paths-of-statistics-kept of the hourly/pathHourly statistics table, start it, or issue "show rtr distribution/total/collection".
–Remove the configured enhanced-history.
–Configure more enhanced-history with different intervals.
Workaround: Remove the old probe and create a new one if the configuration changes as listed above are needed.
IP Routing Protocols
•CSCsc75409
Symptoms: Entering the no ip cef command followed by the ip cef command could cause a CPUHOG on the router.
Conditions: This symptom is especially likely on a router that is configured with many VRFs (possibly more than 100 VRFs) that import and export routes to each other.
Workaround: There is no problem if the command sequence no ip cef followed by ip cef is not executed. If this command sequence is executed, there should be no problem if fewer than 50 VRFs are configured. As the number of configured VRFs increases, CPU utilization rises. There is no workaround.
•CSCsc78813
Symptoms: While using NAT in an overlapping network configuration, the IP address inside a DNS reply payload from the name server is not translated by the NAT device.
Conditions: The above symptom is seen in Cisco routers that are loaded with Cisco IOS Release 12.3(18) image, configured with the ip nat outside source command.
Workaround: There is no workaround.
•CSCsd16043
Symptoms: A Cisco IOS device that is running Auto-RP for multicast may periodically lose the RP to group mappings.
Conditions: This symptom is caused by the RP dropping the Auto-RP announce messages as can be seen with the debug ip pim auto-rp debug command. This may result in loss of multicast connectivity while the RP mappings are purged from the cache. See the following output example:
Auto-RP(0): Received RP-announce, from ourselves (X.X.X.x), ignored
This problem appeared in Cisco IOS Release 12.3(17).
Workaround: Create an extra dummy loopback interface, configure its "ip mtu" size to 570, and configure the "ip mtu" size of the RP interface to 1500.
(1) Create another dummy loopback interface with the ip mtu configured as 570.
(Interface Loopback1 is a dummy interface; its configured IP address must not be used anywhere in the network.)
interface Loopback1
ip address 10.10.10.10 255.255.255.255
ip mtu 570
ip pim sparse-mode
end
(2) Configure the ip mtu of the RP interface to 1500.
(This assumes that the Auto-RP interface is Loopback0.)
interface Loopback0
ip address 10.255.1.1 255.255.255.255
ip mtu 1500
ip pim sparse-dense-mode
end
ISO CLNS
•CSCsc68437
Symptoms: IS-IS on a router that is running Cisco IOS Release 12.3(13a) software can leave some IP routes not updated after a topology change if the metric of the new route is worse than the metric of a previously valid path.
Conditions: This problem can only occur on multiaccess interfaces when the outgoing interface stays the same, but the next-hop changes. Point-to-point interfaces are not affected by this problem.
Workaround: The clear ip route command restores the correct routing table.
Miscellaneous
•CSCeg55213
Symptoms: Ethernet VLAN data counters may not get updated for VC (Virtual Circuit/xconnect) configured for the EoMPLS (VLAN) feature.
Conditions: This symptom is seen with the EoMPLS (VLAN) feature configured.
Workaround: There is no workaround.
•CSCej88595
Symptoms: A read, write, or copy CLI operation to an Advanced Technology Attachment (ATA) disk is noticeably slower.
Conditions: This symptom occurs when retrying and doing the read/write for successful cases.
Workaround: There is no workaround.
•CSCsa61635
Symptoms: A Cisco router may reload unexpectedly because of a bad block pointer.
Conditions: This symptom is observed on a Cisco 3660 that has a GRE tunnel configuration. The symptom may be platform-independent.
Workaround: There is no workaround.
•CSCsc27474
Symptoms: The show ip mcache command output does not display the MAC header on a multicast Multilink Frame Relay (MLFR) router.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(5).
Workaround: There is no workaround.
•CSCsc40027
Symptoms: In very rare conditions, when using a combination of MPLS, service load balancing (SLB) and Hot Standby Router Protocol (HSRP), frequently flapping HSRP might trigger a corrupted program counter crash. The following message may be displayed:
Nov 4 05:53:49: %IP-3-LOOPPAK: Looping packet detected and dropped -
src=, dst=, hl=4261816683, tl=1684290561, prot=0, sport=37374, dport=251
in=, nexthop=, out=
options=Vlan1300
-Process= "IP Input", ipl= 0, pid= 122
-Traceback= 4078490C
%ALIGN-1-FATAL: Corrupted program counter
pc=0x31203041, ra=0x31203041, sp=0x520F13F8
Conditions: This symptom occurs when using a combination of MPLS, service load balancing (SLB), and Hot Standby Router Protocol (HSRP).
Workaround: There is no workaround.
•CSCsc42335
Symptoms: Tunneled packets that terminate on a device with an SII intercept in place do not get intercepted.
Conditions: This symptom occurs if the device on which the tunnel terminates has SII intercepts that match the inner packet. SII will not intercept the packet.
Workaround: If the packets to be intercepted must arrive via a tunnel, there is no workaround. If not, another method of transport will allow the packets to be intercepted.
•CSCsc44856
Symptoms: After HCCP switchover, CEF may have adjfibs in the wrong VRF and incomplete adjacencies.
Conditions: This symptom occurs on a Cisco uBR10000 router with cable modem interface redundancy that is switching over from a subinterface in one VRF to an interface in a different VRF.
Workaround: There is no workaround.
•CSCsc48543
Symptoms: A Cisco router crashes when the E3 controller is shutdown using SNMP.
Conditions: This symptom is observed on a Cisco 7200 series router but is not platform dependent.
Workaround: There is no workaround.
•CSCsc60249
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd02602
Symptoms: All channels on a multichannel T3 port adapter may go down. The router may then reload unexpectedly due to a software forced crash. If not, all of the channels in the T3 may stay down until corrective action is taken.
The following messages may appear one or more times in the router or VIP log:
%CT3-3-MBOXSENDM: Failed to send msg MBOXP_MSG_T1_DISABLE to bay 1 firmware
On a Cisco 7200 router, the following messages may be seen in the log:
CT3SW WatchDog not cleared, WatchDog = 2
CT3SW WatchDog not cleared, WatchDog = 3
On a Cisco 7500 router, the following messages may be seen in the log:
%CT3 5/8: Illegal Love Letter, cmd 0
%CT3 5/9: Illegal Love Letter, cmd 0
Conditions: This symptom affects routers using two-port multichannel T3 port adapters, the PA-MC-2T3 and the PA-MC-2T3+. The symptom occurs when one or more of the T1s in either T3 sees framing errors. One-port multichannel T3 port adapters, the PA-MC-T3 and the PA-MC-T3+, are not affected.
Workaround: There is no workaround to prevent this problem. Possible corrective actions are listed below:
Possible Corrective Actions for the Cisco 7200 router:
1. Remove and reinsert the affected port adapter.
2. Simulate removal and reinsertion with these exec mode commands in sequence:
hw-module slot slot-number stop
hw-module slot slot-number start
3. Reload the router.
Possible Corrective Actions for the Cisco 7500 router:
1. Remove and reinsert the VIP with the affected port adapter.
2. Use the configuration mode command: microcode reload
3. Reload the router.
•CSCsd11646
Symptoms: On a router that runs Multiprotocol Label Switching (MPLS), the "%SYS-3-OVERRUN:" and "%SYS-6-BLKINFO" error messages may be generated and a software-forced crash may occur on the router.
Conditions: This symptom is observed when you enter the show mpls ldp discovery command under the following conditions:
–There are multiple LDP adjacencies configured through one interface.
–The adjacencies between peers through this interface have not been fully established for some peers.
–The unestablished LDP adjacencies are coming up while you enter the show mpls ldp discovery command.
Workaround: Do not enter the show mpls ldp discovery command while multiple LDP adjacencies are coming up. Instead, enter the show mpls ldp neighbor [detail] command while multiple LDP adjacencies are coming up.
•CSCsd16132
Symptoms: The following symptoms are observed:
1. Poor voice performance.
2. Transcoding does not work.
3. In some cases, no voice path. This is caused by voice packets originating from the router not being CEF switched.
Conditions: This symptom occurs when voice modules are plugged in the router.
Workaround: There is no workaround.
•CSCsd40334
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and which version of Cisco IOS is currently running.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
•CSCsd47671
Symptoms: A Cisco 7200 series router that is running Cisco IOS Release 12.3(17) may experience an Output stuck condition on PVCs that are running on PA-A3-8T1-IMA. The condition results in all traffic over affected PVCs ceasing to pass.
show queueing int atm1/ima0 may report:
Interface ATM1/ima0 VC 1/41
Queueing strategy: fifo
Output queue 40/40, 9156 drops per VC
Conditions: See the following:
1. Issue is reproducible in TAC Labs that are running Cisco IOS Release 12.3(17a).
2. Issue is not reproducible in TAC Labs that are running Cisco IOS Release 12.4(5a).
3. During the problem, after interfaces are wedged, doing the shut command followed by the no shut command on the logical IMA interface results in the interface showing down/down (disabled).
Condition appears in all Cisco IOS versions that contain the fix for CSCee20451.
Workaround: See the following:
1. Reload Cisco 7200 series router.
2. Run Cisco IOS image that does not include the fix for CSCee20451.
Wide-Area Networking
•CSCek28575
Symptoms: A unit under test (UUT) router reloads at process_modem_command during async related testing.
Conditions: The reload is seen on a Cisco AS5400 platform but is not platform dependent. It happens when async media is involved.
Workaround: There is no workaround.
•CSCsc30497
Symptoms: NAS-Port Pre-Auth failure breaks PPPoE session limit per VLAN. Once the authorization fails, local limit does not get applied to a particular interface.
Conditions: This symptom is observed in Cisco IOS Release 12.3YM.
Workaround: There is no workaround.
•CSCsc95588
Symptoms: A Cisco router reloads when the show log, show interface, or show caller commands are issued.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.3(5b), but it can happen on any Cisco IOS 12.3 release. This symptom can occur when PPP sessions go down while the show output is suspended.
Workaround: There is no workaround.
•CSCsd06510
Symptoms: A Cisco router may experience unexpected MFR output hold queue drops when running multicast traffic over GRE tunnel interfaces that in turn use a Multilink Frame Relay (MFR) interface for transport.
Drops persist under very low [25pps] transmit rate.
The MFR output hold queue may get into a congestion state that results in all traffic failing. Further, after disabling the traffic source or shutting down the ingress interface, the output hold queue may take as long as 15 minutes to "drain."
Conditions: This symptom is observed when using GRE tunnels for multicast traffic over MFR.
Workaround: Disable multicast fast switching.
•CSCsd06518
Symptoms: A Cisco router may experience unexpected MFR output hold queue drops when running multicast traffic over GRE tunnel interfaces that in turn use a Multilink Frame Relay (MFR) interface for transport.
Drops persist under very low [25pps] transmit rate.
The MFR output hold queue may get into a congestion state that results in all traffic failing. Further, after disabling the traffic source or shutting down the ingress interface, the output hold queue may take as long as 15 minutes to "drain."
Conditions: This symptom is observed when using GRE tunnels for multicast traffic over MFR.
Workaround: Disable multicast fast switching.
•CSCsd28564
Symptoms: When adding or removing PPP over Frame Relay (PPPoFR) configuration on a Cisco 7500 series router, the following error message is displayed:
%RSP-3-RESTART: cbus complex
Conditions: This symptom occurs on a Cisco 7500 series router when PPPoFR configuration is added or removed.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(17c)
Cisco IOS Release 12.3(17c) is a rebuild release for Cisco IOS Release 12.3(17). The caveats in this section are resolved in Cisco IOS Release 12.3(17c) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
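The per-caveat layout described above (and identically for the Release 12.3(18) section) is regular enough to parse mechanically, which is how an operator would cross-check a running image against these notes. The following Python is an added example, not part of the release notes or of any Cisco tool: it splits a block of caveat text into records keyed by bug ID and category, and flags the entries that point at a cisco-sa security advisory or state that there is no workaround. The sample input is constructed from entries on this page; the category-heading heuristic is an assumption about this layout.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input, trimmed from caveat entries that appear in these release notes.
SAMPLE_NOTES = """Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash may be seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL is excessively long.
Workaround: Disable HTTP server using the no ip http server command.
•CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically
generated output will be passed to the browser requesting the page.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
IBM Connectivity
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml.
Miscellaneous
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session
may be reset even by packets that fail inspection.
Workaround: There is no workaround.
"""

# A caveat entry starts with a (usually bulleted) Cisco bug ID: CSC + 2 letters + 5 digits.
BUG_ID_RE = re.compile(r"^[•*-]?\s*(CSC[a-z]{2}\d{5})$")
# The three labelled fields the release notes promise for each caveat.
FIELD_RE = re.compile(r"^(Symptoms|Conditions|Workaround):\s*(.*)$")
# Security advisories (cisco-sa-*) and security responses (cisco-sr-*) on cisco.com.
ADVISORY_RE = re.compile(r"https?://\S*?cisco-s[ar]-\d{8}-[\w-]+\.shtml")


@dataclass
class Caveat:
    bug_id: str
    category: str
    fields: Dict[str, str] = field(default_factory=dict)  # Symptoms / Conditions / Workaround
    narrative: List[str] = field(default_factory=list)     # free text used by advisory entries
    advisories: List[str] = field(default_factory=list)    # advisory / response URLs found

    @property
    def is_security_advisory(self) -> bool:
        # Only cisco-sa-* documents are security advisories; cisco-sr-* are responses.
        return any("/cisco-sa-" in url for url in self.advisories)

    @property
    def has_workaround(self) -> bool:
        wa = self.fields.get("Workaround", "").strip().lower()
        return bool(wa) and not wa.startswith("there is no workaround")


def _looks_like_category(line: str) -> bool:
    # Assumed heuristic: category headings ("Miscellaneous", "IP Routing Protocols") are
    # short title lines without a colon, period or URL, and are always followed by a bug ID.
    return ":" not in line and "." not in line and len(line) < 60


def parse_caveats(notes: str) -> List[Caveat]:
    lines = [ln.strip() for ln in notes.splitlines() if ln.strip()]
    caveats: List[Caveat] = []
    category = "Unknown"
    current: Optional[Caveat] = None
    last_field: Optional[str] = None
    for i, line in enumerate(lines):
        m = BUG_ID_RE.match(line)
        if m:
            current = Caveat(bug_id=m.group(1), category=category)
            caveats.append(current)
            last_field = None
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if BUG_ID_RE.match(nxt) and _looks_like_category(line):
            category = line
            continue
        if current is None:
            continue  # preamble before the first entry
        current.advisories.extend(h.group(0) for h in ADVISORY_RE.finditer(line))
        f = FIELD_RE.match(line)
        if f:
            last_field = f.group(1)
            current.fields[last_field] = f.group(2)
        elif last_field:
            current.fields[last_field] += " " + line  # wrapped continuation of a field
        else:
            current.narrative.append(line)
    return caveats


def triage(caveats: List[Caveat]) -> Dict[str, List[str]]:
    """Bucket bug IDs the way an upgrade review would: security advisories first, then
    bugs whose only fix is the upgrade itself (no workaround), then everything else."""
    out: Dict[str, List[str]] = {"security_advisory": [], "no_workaround": [], "other": []}
    for c in caveats:
        if c.is_security_advisory:
            out["security_advisory"].append(c.bug_id)
        elif "Workaround" in c.fields and not c.has_workaround:
            out["no_workaround"].append(c.bug_id)
        else:
            out["other"].append(c.bug_id)
    return out


if __name__ == "__main__":
    for c in parse_caveats(SAMPLE_NOTES):
        print(c.bug_id, c.category, c.is_security_advisory, c.has_workaround, c.advisories)
    print(triage(parse_caveats(SAMPLE_NOTES)))
```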
Basic System Services
•CSCeg62070
Symptoms: Tracebacks or a crash may be seen during HTTP transactions with long URLs.
Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.
Workaround: Disable HTTP server using the no ip http server command.
•CSCsc64976
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
•CSCse85200
Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.
Since CDP is a layer-2 protocol, this issue can only be triggered by systems that are residing on the same network segment.
The workaround is to disable CDP on interfaces where it is not necessary.
•CSCsj44081
Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.
Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
The error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
IBM Connectivity
•CSCsf28840
A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
There are workarounds available for this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml.
Miscellaneous
•CSCdz55178
Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptoms such as memory corruption may occur.
Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a name that is longer than 32 characters, as in the following example (the ruler below the command marks the character positions of the name; the caret marks where the variable overflows):
cable qos profile 12 name g711@10ms_for_any_softswitch_Traa^C
                          00000000011111111111222222222333^
                          12345678901234567890123456789012|
                                                          |
                                                  PROBLEM (Variable Overflowed)
Workaround: Change the name of the cable QoS profile to a length that is less than 32 characters.
•CSCeh15949
Symptoms: An extended access list does not function when it is applied to an interface even though the access list is configured correctly.
Conditions: This symptom is observed on a Cisco MGX 8850 RPM-XF that runs Cisco IOS Release 12.3(7)T3.
Workaround: Use an external device to filter the traffic. Apply the filter at another location in the network to accommodate your needs. If this is not possible, call Cisco TAC and reference this caveat with DDTS ID CSCeh15949.
Further Problem Description: An example of this caveat is shown below.
When a router attempts to access the Fast Ethernet interface of the RPM-XF, the router is able to access the RPM-XF even though its Fast Ethernet interface has an access list applied to it.
Topology:
RPM-XF-(FE)-------(FE)--Router
       ip: 10.10.10.2   .1
Router_RPM09_XF#show running-config
Building configuration...
Current configuration : 1190 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_RPM09_XF
!
boot-start-marker
boot system x:rpmxf-p12-mz.123-7.T3
boot system bootflash:rpmxf-p12-mz.123-7.T3
boot-end-marker
interface FastEthernet2/0
ip address 10.10.10.2 255.255.255.252
ip access-group 101 in
duplex auto
speed auto
access-list 101 deny tcp any host 10.10.10.2 eq telnet
access-list 101 permit ip any any
Router_RPM09_XF#show ip access-list 101
Extended IP access list 101 (Compiled)
10 deny tcp any host 10.10.10.2 eq telnet
20 permit ip any any (96 matches)
Router_RPM09_XF#
The information below shows that the access list does not function:
Router#telnet 10.10.10.2
Trying 10.10.10.2 ... Open
•CSCsb12598
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml
•CSCsb93407
Symptoms: When H323 call service stops, the router still listens on TCP port 1720 and completes connection attempts.
Conditions: This symptom occurs after H323 is disabled using the following configuration commands:
voice service voip
 h323
  call service stop
Workaround: Access can be blocked by deploying an interface access list that blocks access to TCP port 1720 for traffic that is destined for any of the IP addresses of the router.
For information about deploying access lists, see the "Transit Access Control Lists: Filtering at Your Edge" document at http://www.cisco.com/warp/public/707/tacl.html.
For further information about deploying access lists, see the "Protecting Your Core: Infrastructure Protection Access Control Lists" document at http://www.cisco.com/warp/public/707/iacl.html.
For information about using control plane policing to block access to TCP port 1720, see the "Deploying Control Plane Policing White Paper" at http://www.cisco.com/en/US/products/ps6642/products_white_paper0900aecd804fa16a.shtml.
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.
Workaround: There is no workaround.
•CSCsd81407
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323, H.254
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsd85587
A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of this vulnerability may lead to a sustained Denial-of-Service (DoS); however, the vulnerability is not known to compromise either the confidentiality or integrity of the data or the device, and it is not believed to allow an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
–Cisco IOS, documented as Cisco bug ID CSCsd85587
–Cisco IOS XR, documented as Cisco bug ID CSCsg41084
–Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
–Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
–Cisco Firewall Services Module (FWSM), documented as Cisco bug ID CSCsi97695
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Note: Another related advisory is posted together with this advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS. A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml and can be used to choose a software release that fixes all security vulnerabilities published as of May 22, 2007. The related advisory is published at:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
•CSCsd92405
A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. To trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device, and they are not believed to allow an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml
A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml
•CSCsd95616
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•CSCse45425
Symptoms: A VAM2 may reset when it receives a malformed ESP packet, and a "Free Pool stuck" error message may be generated. This situation causes high CPU usage in the encryption process while the software is handling the encryption as opposed to the hardware. Even when the VAM2 recovers, the high CPU usage remains because the software-encrypted tunnels do not fall back to hardware encryption until the SA lifetime expires.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(19) or Release 12.4(7a).
Workaround: There is no workaround to prevent the symptom from occurring. After the symptom has occurred and after the VAM2 has recovered, disable software encryption by entering the no crypto engine software ipsec command to force the encryption back to the hardware.
•CSCse56501
Symptoms: When two sockets are bound to the same port, the first file descriptor always receives the requests.
Conditions: This symptom is observed on a Cisco router when two sockets, such as one IPv4 socket and one IPv6 socket, are bound to the same UDP port.
Workaround: Use different UDP ports for different sockets.
•CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
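The publicly documented mechanism of CVE-2008-0960 is that the receiver trusted the length of the msgAuthenticationParameters field chosen by the sender and compared only that many bytes of the HMAC, so a one-byte tag could be brute-forced in at most 256 attempts. The following Python model is an added example, not Cisco code and not a full RFC 3414 USM implementation: the key, the message and the function names are constructed for illustration, and the HMAC is computed over a single constructed byte string rather than over the whole SNMPv3 message with the authentication parameters zeroed. It places the vulnerable comparison beside the hardened one and shows the forgery loop that defeats the former.

```python
import hashlib
import hmac
from typing import Callable, Optional

# HMAC-SHA-96 as used by SNMPv3 USM: the tag is the first 12 bytes of HMAC-SHA-1.
TAG_LEN = 12

# Constructed authentication key (a real USM key is localized from a passphrase and the engine ID).
AUTH_KEY = hashlib.sha1(b"constructed-example-passphrase").digest()

# Constructed stand-in for the authenticated SNMPv3 message bytes.
MESSAGE = b"constructed snmpv3 message: get sysDescr.0 as user 'monitor'"


def compute_tag(key: bytes, message: bytes) -> bytes:
    """Legitimate sender/receiver computation of the truncated HMAC."""
    return hmac.new(key, message, hashlib.sha1).digest()[:TAG_LEN]


def verify_vulnerable(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Models the flaw: the receiver compares only as many bytes as the sender supplied."""
    if not received_tag:
        return False
    expected = compute_tag(key, message)
    return expected[: len(received_tag)] == received_tag


def verify_fixed(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Hardened check: the tag must be exactly TAG_LEN bytes and is compared in constant time."""
    if len(received_tag) != TAG_LEN:
        return False
    return hmac.compare_digest(compute_tag(key, message), received_tag)


Verifier = Callable[[bytes, bytes, bytes], bool]


def make_agent(key: bytes, verify: Verifier) -> Callable[[bytes, bytes], bool]:
    """An 'agent' holding the secret key; the attacker only observes accept/reject."""
    def accept(message: bytes, tag: bytes) -> bool:
        return verify(key, message, tag)
    return accept


def forge_one_byte_tag(accept: Callable[[bytes, bytes], bool], message: bytes) -> Optional[int]:
    """Attacker with no key: try every one-byte tag. Returns the number of attempts needed
    for acceptance, or None if the agent rejected all 256 candidates."""
    for candidate in range(256):
        if accept(message, bytes([candidate])):
            return candidate + 1
    return None


if __name__ == "__main__":
    legit = compute_tag(AUTH_KEY, MESSAGE)
    vulnerable_agent = make_agent(AUTH_KEY, verify_vulnerable)
    fixed_agent = make_agent(AUTH_KEY, verify_fixed)
    print("legit tag accepted by both:", vulnerable_agent(MESSAGE, legit), fixed_agent(MESSAGE, legit))
    print("one-byte forgery vs vulnerable agent, attempts:", forge_one_byte_tag(vulnerable_agent, MESSAGE))
    print("one-byte forgery vs fixed agent:", forge_one_byte_tag(fixed_agent, MESSAGE))
```

The two hardening steps are independent: rejecting any tag whose length differs from the algorithm's fixed output length closes this bypass, and hmac.compare_digest removes the timing side channel that a byte-by-byte equality check would otherwise leave.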
•CSCsf08998
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•CSCsg16908
Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
These vulnerabilities do not apply to the IOS FTP Client feature.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.
•CSCsg40567
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure-server command enabled.
Workaround: Disable the HTTPS server by entering the no ip http secure-server command.
•CSCsg70474
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•CSCsi60004
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–Session Initiation Protocol (SIP)
–Media Gateway Control Protocol (MGCP)
–Signaling protocols H.323 and H.245
–Real-time Transport Protocol (RTP)
–Facsimile reception
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.
•CSCsi67763
The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width Unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:
http://www.kb.cert.org/vuls/id/739224
By encoding attacks using a full-width or half-width Unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.
Cisco response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
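As an added example that is not part of the Cisco response or the US-CERT note, the following Python code shows the evasion and the countermeasure on a constructed HTTP request: a signature matcher that inspects the decoded request as-is misses a path-traversal payload whose ASCII characters have been replaced by their full-width compatibility forms (U+FF01 through U+FF5E), while the same signatures match once the request is normalized with Unicode NFKC, which folds those forms back to ASCII. The request, the signatures and the function names are constructed for this example. Whether the payload then takes effect depends on whether the server behind the IPS decodes full-width characters as their ASCII equivalents; the detection gap is the point here.

```python
import unicodedata

# Constructed signatures in the style of a content-matching IDS rule.
SIGNATURES = ("../", "cmd.exe", "/etc/passwd")


def to_fullwidth(text: str) -> str:
    """Attacker side: map printable ASCII 0x21-0x7E to the full-width forms U+FF01-U+FF5E."""
    return "".join(
        chr(ord(c) - 0x21 + 0xFF01) if 0x21 <= ord(c) <= 0x7E else c for c in text
    )


def naive_match(request: bytes) -> list[str]:
    """Signature check on the decoded request as-is: full-width code points never equal ASCII."""
    text = request.decode("utf-8", errors="replace")
    return [sig for sig in SIGNATURES if sig in text]


def normalized_match(request: bytes) -> list[str]:
    """Signature check after NFKC normalization, which folds full-width forms back to ASCII."""
    text = unicodedata.normalize("NFKC", request.decode("utf-8", errors="replace"))
    return [sig for sig in SIGNATURES if sig in text]


def build_request(path: str) -> bytes:
    """Constructed HTTP/1.0 request line carrying the given path, UTF-8 encoded on the wire."""
    return f"GET {path} HTTP/1.0\r\nHost: target.example\r\n\r\n".encode("utf-8")


# Constructed traversal payload and its full-width-encoded variant.
PLAIN_REQUEST = build_request("/scripts/../../winnt/system32/cmd.exe?/c+dir")
EVASIVE_REQUEST = build_request(
    "/scripts/" + to_fullwidth("../../winnt/system32/cmd.exe") + "?/c+dir"
)

if __name__ == "__main__":
    print("plain, naive:     ", naive_match(PLAIN_REQUEST))
    print("evasive, naive:   ", naive_match(EVASIVE_REQUEST))
    print("evasive, NFKC:    ", normalized_match(EVASIVE_REQUEST))
```

Normalizing before matching is only sound if the inspection device normalizes the same way the protected server does; an IPS that folds more aggressively than the server produces false positives, one that folds less produces exactly the evasion shown here.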
TCP/IP Host-Mode Services
•CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
•CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–The router must have RCP enabled.
–The packet must come from the source address of the designated system configured to send RCP packets to the router.
–The packet must have a specific data content.
Workaround: Deploy access lists at the edge of your network that block rsh/rcp traffic (TCP port 514) so that spoofed packets cannot reach the router. Use another protocol, such as SCP, instead of RCP. Apply VTY ACLs.
Wide-Area Networking
•CSCei00766
Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(17b)
Cisco IOS Release 12.3(17b) is a rebuild release for Cisco IOS Release 12.3(17). The caveats in this section are resolved in Cisco IOS Release 12.3(17b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsc19289
Symptoms: An MC-T1 is disabled and wedged when the MTU size on the MC-T1 interface is changed.
Conditions: This symptom has been observed when dLFIoLL is configured on a Cisco 7500 router and the MTU size on the MC-T1 serial interface is changed.
Workaround: Remove and reinsert the MC-T1, or reload the microcode on the MC-T1.
Miscellaneous
•CSCsd02602
Symptoms: All channels on a multichannel T3 port adapter may go down. The router may then reload unexpectedly due to a software forced crash. If not, all of the channels in the T3 may stay down until corrective action is taken.
The following messages may appear one or more times in the router or VIP log:
%CT3-3-MBOXSENDM: Failed to send msg MBOXP_MSG_T1_DISABLE to bay 1 firmware
On a Cisco 7200 router, the following messages may be seen in the log:
CT3SW WatchDog not cleared, WatchDog = 2
CT3SW WatchDog not cleared, WatchDog = 3
On a Cisco 7500 router, the following messages may be seen in the log:
%CT3 5/8: Illegal Love Letter, cmd 0
%CT3 5/9: Illegal Love Letter, cmd 0
Conditions: This symptom affects routers using two-port multichannel T3 port adapters, the PA-MC-2T3 and the PA-MC-2T3+. The symptom occurs when one or more of the T1s in either T3 sees framing errors. One-port multichannel T3 port adapters, the PA-MC-T3 and the PA-MC-T3+, are not affected.
Workaround: There is no workaround to prevent this problem. Possible corrective actions are listed below:
Possible Corrective Actions for the Cisco 7200 router:
1. Remove and reinsert the affected port adapter.
2. Simulate removal and reinsertion by entering these EXEC mode commands in sequence:
hw-module slot slot-number stop
hw-module slot slot-number start
3. Reload the router.
Possible Corrective Actions for the Cisco 7500 router:
1. Remove and reinsert the VIP with the affected port adapter.
2. Use the configuration mode command: microcode reload.
3. Reload the router.
•CSCsd40334
Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability. The workaround depends on whether Mobile IPv6 is used and on which version of Cisco IOS is currently running.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
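To see what a filter for this class of packet has to do, here is an added Python example (not Cisco code): it constructs an IPv6 packet carrying a Type 0 routing header, then walks the extension-header chain the way a filter or IDS must, and flags a routing header of type 0 whose Segments Left field is non-zero, which is the case in which the receiving device is asked to act on the header. A Type 2 routing header (Mobile IPv6) with the same layout is not flagged, matching the scope stated in the advisory. The addresses, the packet builder and the function names are constructed for this example.

```python
import ipaddress
import struct
from typing import Optional

NH_HOP_BY_HOP, NH_ROUTING, NH_FRAGMENT, NH_DEST_OPTS, NH_ICMPV6 = 0, 43, 44, 60, 58
EXTENSION_HEADERS = {NH_HOP_BY_HOP, NH_ROUTING, NH_FRAGMENT, NH_DEST_OPTS}


def build_routing_header_packet(src: str, dst: str, waypoints: list[str],
                                routing_type: int = 0, segments_left: Optional[int] = None,
                                payload: bytes = b"") -> bytes:
    """Construct an IPv6 packet whose first extension header is a routing header (test input only)."""
    if segments_left is None:
        segments_left = len(waypoints)
    addrs = b"".join(ipaddress.IPv6Address(w).packed for w in waypoints)
    # Routing header: next header, hdr ext len (8-octet units after the first 8 octets),
    # routing type, segments left, 4 reserved bytes, then the address list.
    routing = struct.pack("!BBBB4x", NH_ICMPV6, 2 * len(waypoints), routing_type, segments_left) + addrs
    payload_len = len(routing) + len(payload)
    # Fixed IPv6 header: version 6, payload length, next header = routing (43), hop limit 64.
    ip6 = struct.pack("!IHBB", 0x60000000, payload_len, NH_ROUTING, 64)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + routing + payload


def find_routing_header(pkt: bytes) -> Optional[dict]:
    """Walk the extension-header chain and return the first routing header found, or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    next_header, offset = pkt[6], 40
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(pkt):
            return None  # truncated chain
        # The fragment header is a fixed 8 bytes; the others carry a length field.
        hdr_len = 8 if next_header == NH_FRAGMENT else (pkt[offset + 1] + 1) * 8
        if offset + hdr_len > len(pkt):
            return None  # header claims more bytes than the packet holds
        if next_header == NH_ROUTING:
            addr_bytes = pkt[offset + 8: offset + hdr_len]
            usable = len(addr_bytes) - len(addr_bytes) % 16
            addresses = [str(ipaddress.IPv6Address(addr_bytes[i:i + 16])) for i in range(0, usable, 16)]
            return {"type": pkt[offset + 2], "segments_left": pkt[offset + 3], "addresses": addresses}
        next_header, offset = pkt[offset], offset + hdr_len
    return None


def is_rh0_to_process(pkt: bytes) -> bool:
    """True for a Type 0 routing header with segments left, i.e. one the receiver would act on."""
    rh = find_routing_header(pkt)
    return rh is not None and rh["type"] == 0 and rh["segments_left"] > 0


if __name__ == "__main__":
    pkt = build_routing_header_packet("2001:db8::1", "2001:db8::2", ["2001:db8::3", "2001:db8::4"])
    print(find_routing_header(pkt), is_rh0_to_process(pkt))
```

A filter that only looks at the Next Header byte of the fixed header misses a routing header placed behind a hop-by-hop or destination options header, which is why the chain walk, with bounds checks at every step, is the part worth getting right.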
Wide-Area Networking
•CSCsd28564
Symptoms: When adding or removing PPP over Frame Relay (PPPoFR) configuration on a Cisco 7500 series router, the following error message is displayed:
%RSP-3-RESTART: cbus complex
Conditions: This symptom occurs on a Cisco 7500 series router when PPPoFR configuration is added or removed.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(17a)
Cisco IOS Release 12.3(17a) is a rebuild release for Cisco IOS Release 12.3(17). The caveats in this section are resolved in Cisco IOS Release 12.3(17a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Interfaces and Bridging
•CSCsc30369
Symptoms: A Cisco 7500 series router may experience a cBus Complex Restart while exiting configuration mode after changing the encapsulation on a serial interface from HDLC to some other encapsulation, such as PPP or Frame Relay. The fix also sets maxdgram to 1608 for low-speed serial PAs and to 1610 for high-speed serial PAs for an MTU of 1500.
Conditions: This occurs after the first change of the encapsulation type from the default (HDLC) to some other encapsulation type, followed by an exit from configuration mode. Subsequent changes to the encapsulation type do not cause the cBus Complex Restart. The overhead added to the MTU is always 24; the fix changes this to 108.
Workaround: There is no workaround for the cBus Complex Restart. The MTU can be set accordingly to avoid packets being dropped as giants in the driver.
Further Problem Description: When the router boots with the encapsulation type set to the default of HDLC on a serial interface, the maximum datagram size that can be accepted by the interface is set to 1608. When the encapsulation type is changed, the maximum datagram size may change, which causes an internal MTU change. An MTU change on the Cisco 7500 router results in a cBus Complex Restart, which usually means a 15- to 45-second outage on the whole router.
Miscellaneous
•CSCsc64530
Symptoms: A Cisco 3745 router does not boot when booting a Cisco IOS image that contains the fix for CSCec74317.
Conditions: The original NVCONFIG does not have the correct MAGIC number in NVRAM.
Workaround: Power-cycling the router once resolves the issue.
Resolved Caveats—Cisco IOS Release 12.3(17)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(17). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(17). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCei77083
Symptoms: A spurious memory access may be generated on an RSP when a VIP that is in a disabled or wedged condition is recovered by a cBus Complex restart or a microcode reload.
Conditions: This symptom is observed on a Cisco 7500 series that has a VIP that is in a disabled or wedged condition after the router has booted.
Workaround: There is no workaround.
•CSCej18051
Symptoms: Terminal window PPP clients may fail with Cisco Access servers.
Conditions: This symptom has been observed on Cisco AS5400 gateways and Cisco AS5800 servers.
Workaround: There is no workaround.
•CSCej42445
Symptoms: MS-CHAP authentication fails with Cisco IOS Release 12.4(5), and MS-CHAP and PAP authentication fail with the Cisco IOS Release 12.4(5)fc2 image.
Conditions: This symptom has been observed when running Cisco IOS Release 12.4(5) or Release 12.4(5)fc2 while using TACACS+ with MS-CHAP for authentication.
Workaround: There is no workaround.
•CSCej59916
Symptoms: Removing the authorization keywords for attributes that are implemented can cause undesirable authorization failures.
Conditions: This symptom has been observed when AAA attempts authorization using these keywords.
Workaround: There is no workaround.
•CSCsb43767
Symptoms: RADIUS packets are sent with an incorrect value for attribute 5 (NAS-Port). The async interface-related information is needed in the Cisco-NAS-Port attribute.
Conditions: This symptom has been observed for the Cisco-NAS-Port attribute as received by a RADIUS server.
Workaround: There is no workaround.
•CSCsb86257
Symptoms: When a named ACL is applied to a vty line on a PE router that has an interface configured in a VPN VRF, an incoming Telnet connection from that VRF, arriving on the interface that is part of the VRF, is accepted even though the vrf-also keyword is not configured in the access-class access-list-number command. The named ACL is therefore less restrictive than intended.
When a regular numbered ACL is used instead, an incoming Telnet connection from an interface that is part of a VRF is rejected, as expected, when the vrf-also keyword is not configured in the access-class access-list-number command.
Conditions: This symptom is observed on a Cisco router that functions as a PE router in an MPLS VPN environment and that has VPN VRFs configured.
Workaround: Use a numbered ACL instead of a named ACL on vty lines on a PE router.
Interfaces and Bridging
•CSCee22523
Symptoms: A VIP that contains a PA-A3-OC12 ATM port adapter may unexpectedly reload.
Conditions: This symptom is observed on a Cisco 7500 series that functions in an ATM LANE configuration.
Workaround: There is no workaround. The traffic on the VIP is disrupted until the VIP comes back up.
•CSCei25164
Symptoms: A Cisco 7xxx series router may crash because of a bus error exception and may report a CPUHOG message when you perform an OIR of an ATM PA-A3 or ATM PA-A6 port adapter.
Conditions: This symptom is observed on a Cisco 7xxx series router that runs Cisco IOS Release 12.3 when PVC auto-provisioning is enabled on the ATM PA-A3 or ATM PA-A6 port adapter and when many PPP sessions are in transition. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCei68284
Symptoms: POS interfaces may remain in the up/down state after the router has been reloaded.
Conditions: This symptom is observed on a Cisco Catalyst 6500 series, Cisco 7500 series, and Cisco 7600 series.
Workaround: Reload the FlexWAN or VIP in which the POS port adapter is installed.
•CSCsa83907
Symptoms: Layer-1 alarm handling does not meet the ANSI T1.231 standard on a PA-A3-T3 interface. The PA-A3-T3 port adapter does not provide a soaking time to declare and clear near-end failures such as LOS, LOF, and AIS. Also, PA-A3-T3 interfaces do not properly handle P-bit and C-bit errors and do not bring down the controller when the threshold is reached for such errors.
Conditions: These symptoms are observed on a Cisco 7200 series that is configured with a PA-A3-T3 port adapter.
Workaround: There is no workaround.
•CSCsa94345
Symptoms: PVCs in an auto VC range stop passing traffic. The output of the show atm pvc command does not show the PVC as existing on the router.
Conditions: This symptom is observed on a Cisco 7206VXR router that is configured with an NPE-G1 and that runs Cisco IOS Release 12.3(14)T, Release 12.4, or Release 12.4T when the router is configured to aggregate PPPoA DSL users.
Workaround: There is no workaround.
Further Problem Description: The following sample configuration illustrates the symptom:
interface ATM1/0.10 multipoint
no ip mroute-cache
atm pppoa passive
range pvc 10/50 10/100
encapsulation aal5mux ppp Virtual-Template1
create on-demand
•CSCsb65340
Symptoms: An interface may not be able to receive OSPF hello packets.
Conditions: This symptom is observed after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the peer interface, causing a link up/down event to occur.
Workaround: Reconfigure OSPF.
Further Problem Description: The symptom occurs because the address filter entry is deleted during the link up/down event. You can verify that the symptom has occurred in the output of the show controller command and you can manually confirm the deletion of the OSPF MAC entry. When you reconfigure OSPF, the OSPF MAC entry is re-inserted in the address filter.
•CSCsb94350
Symptoms: An Ethernet interface may accept packets for any destination MAC address. The router processes them and forwards them through the appropriate interface if a valid entry exists in the routing table.
Conditions: The controller is in promiscuous mode and bridging is configured on any interface of the router. The output of the show interface interface irb command for the affected Ethernet interface prints the following message for all subinterfaces:
Not bridging this sub-interface.
Workaround: On the affected Ethernet interface:
1. Configure a subinterface with a dummy VLAN.
2. Configure bridging on that subinterface.
3. Remove the bridging configuration.
4. Remove the subinterface.
•CSCsc05213
Symptoms: ISDN L2TP sessions cannot be brought up.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.4 or Release 12.4T and that is configured with a PA-MC-8TE1+ port adapter that functions in T1 mode. The symptom is platform-independent and could also occur in Release 12.3.
Workaround: There is no workaround.
•CSCsc25970
Symptoms: While configuring dot1q encapsulation on the router, a traceback is seen.
Conditions: This symptom has been observed with a router configured with dot1q encapsulation and IPSec.
Workaround: There is no workaround.
IP Routing Protocols
•CSCee12098
Symptoms: When you enter a show command that is related to NAT or you enter the show run command when there is a NAT configuration, the "%NAT: System busy. Try later" error message may be generated. In addition, "%SYS-2-NOBLOCK" messages may be generated and the CPU utilization may be very high in the IP Input process.
Conditions: These symptoms are observed on a Cisco 1750 that runs Cisco IOS Release 12.3(9) and that is configured for NAT with SIP traffic (the router is a gateway for IP phones).
Workaround: Reload the router.
•CSCef19137
Symptoms: There are duplicate entries in the flow cache after an interface bounces, causing packet loss. The output of the show ip cache flow command may show information similar to the following:
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi0/0.1 10.2.0.1 Fa2/0 10.3.0.1 06 2C26 00B3 5
Gi0/0 10.2.0.1 Null 10.3.0.1 06 2C26 00B3<<<< 7
Conditions: This symptom is observed on a Cisco 7304 that is configured with an NSE-100 and that runs Cisco IOS Release 12.2(20)S4 when an interface bounces quickly and when the CEF structures are flushed while the ARP cache is not flushed. This situation causes incomplete adjacencies because the CEF process expects a fresh ARP entry to complete its adjacency. The symptom is platform-independent and may also occur on other platforms when the same conditions occur.
Workaround: Clear the ARP cache or enter the shutdown command followed by the no shutdown command on the affected interface.
•CSCeg57155
Symptoms: Ping, Telnet, FTP, and traceroute traffic across a VRF-aware NAT does not function.
Conditions: This symptom is observed on a Cisco router that is configured for VRF-aware NAT only when the router is not directly connected to a gateway.
Workaround: There is no workaround.
•CSCeh15639
Symptoms: A Cisco router may crash when it is reloaded with PIM traffic on the network.
Conditions: This symptom is observed on a Cisco 7200 series router with multicast enabled but is not platform-dependent. Bootup is the most likely time for the crash to occur, but the router may crash at any time if an interface flaps at the right moment while the router is receiving PIM traffic.
Workaround: There is no workaround.
•CSCei06089
Symptoms: Conditional advertisement of the default route via a route map does not work when you enter the neighbor default-originate command.
Conditions: This symptom is observed on a Cisco router that is configured for BGP.
Workaround: Disable the route map entirely. If this is not an option, there is no workaround.
•CSCei36960
Symptoms: On a router that is configured with a Context-based Access Control (CBAC) firewall, NAT may not work properly, causing routing errors.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.3(14)T when the router has the ip nat outside static network global-network local-network mask command enabled and when the command points to a serial interface that is configured for both CBAC and NAT.
Workaround: Use a static route for the global-network argument. If this is not an option, there is no workaround.
•CSCei45669
Symptoms: An OSPF router may update and originate a new version of an LSA when it should flush the LSA.
Conditions: This symptom is observed on the originating router when it receives a self-originated MaxAge LSA before it can flush this LSA from its database. This symptom may occur under a rare condition in which a neighboring router calculates that it has a newer copy of the LSA from the originating router and bounces the MaxAge LSA back to the originating router.
Workaround: Enter the clear ip ospf process command.
•CSCei65865
Symptoms: When an RSVP application (for example, the MPLS TE feature) sends an updated Path message to reflect a modification in its QoS request, the updated Path message may not be forwarded by a downstream RSVP-aware router.
Conditions: This symptom is observed when the downstream RSVP-aware router has two RSVP features configured: local policy and refresh reduction. The commands to configure these features are the ip rsvp policy local command and the ip rsvp signalling refresh reduction command, respectively.
When an RSVP reservation is established with a Path/Resv message handshake and the sender application subsequently transmits an updated Path message that the downstream router applies to an RSVP local policy, the router does not forward the modified Path message. This situation prevents the application from receiving the corresponding Resv message, and may cause the application to fail.
Workaround: If this is an option, unconfigure the local RSVP policy or refresh reduction, and then restart the RSVP application. If this is not an option, there is no workaround.
•CSCei71446
Symptoms: A router crashes when the IP address of a GRE tunnel is changed to an unnumbered loopback address.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(3).
Workaround: Remove all ip unnumbered commands that point to the original numbered interface before you configure this numbered interface as an unnumbered interface itself.
Alternate Workaround: Change all unnumbered interfaces to point to the new parent.
•CSCei83265
Symptoms: MVPN traffic is limited to about 9 Mpps and the CPU usage on the egress line card is 100 percent.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when MVPN performs decapsulation in the slow path instead of the fast path.
Workaround: There is no workaround.
•CSCei86031
Symptoms: When the distribute-list route-map map-tag command is used under the OSPF router mode and when the route map is modified, OSPF does not update the routing table based on the changes in the route map.
Conditions: This symptom is observed when a route map that is referenced in the distribute-list route-map map-tag command is modified.
Workaround: Enter the clear ip ospf process id command or the clear ip route * command.
•CSCej55183
Symptoms: The router might crash when removing the ARPA Encapsulation from the configuration.
Conditions: This symptom has been observed when ARPA Encapsulation is removed from the configuration.
Workaround: There is no workaround.
•CSCin95836
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels, and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.
•CSCsb22290
Symptoms: On a Cisco router that is configured for Port Address Translation, when you enter the ip nat service fullrange udp port port-number command, the port-allocation logic does not function. When a PAT port is already taken, the next-port logic fails, causing some packets to be discarded.
Conditions: This symptom is observed on a Cisco IOS Mobile Wireless Gateway (MWG) that is configured for high availability (HA). However, the symptom may occur on any platform that has the ip nat service fullrange udp port port-number command enabled.
Workaround: Disable the ip nat service fullrange command.
Further Problem Description: Regular PAT and NAT are not affected. Only the port-allocation logic in relation to the ip nat service fullrange command is affected.
•CSCsb23433
Symptoms: IP multicast packets are lost until the next periodic PIM (S,G) Join message.
Conditions: This symptom is observed in the following scenario:
When there is an intermittent source that is not active for 3.5 minutes, the (S,G) entry expires on the local RP and transit routers but remains active on the remote RP because the entry is refreshed each minute by an MSDP SA message from the local RP. When the source starts after 3.5 minutes of inactivity, it is registered with the local RP, and an MSDP SA message with an encapsulated packet is sent to the remote RP. However, the remote RP does not send a PIM (S,G) Join message to the source because the remote RP still has an (S,G) entry present.
Workaround: Configure a keepalive mechanism for the intermittent source to maintain the integrity of the multicast tree.
•CSCsb32141
Symptoms: A router that is configured for Resource Reservation Protocol (RSVP) generates the following error messages on the console and then crashes:
%LINK-0-REENTER: Fatal reentrancy, level=3, intfc=FastEthernet0/1
-Process= "RSVP", ipl= 3, pid= 251
%SYS-6-STACKLOW: Stack for process RSVP running low, 0/24000
Conditions: This symptom is observed when the ip rsvp bandwidth and service-policy output commands are configured on the same interface and when the policy map for the service policy is configured with the fair-queue command.
Workaround: Enter the ip rsvp resource-provider none command on the interface.
Alternate Workaround: Enter the ip rsvp bandwidth value command and ensure that the value argument is equal to the value that is displayed on the "Available Bandwidth" line in the output of the show interface interface command plus the value that is shown in the "allocated" column in the output of the show ip rsvp interface command.
•CSCsb36589
Symptoms: A router that is configured for OSPFv3 may crash because of memory corruption or a CPUHOG condition.
Conditions: This symptom is observed rarely in a configuration with a large LSA with at least 44 links that have OSPFv3 enabled and with some links configured for broadcast mode when an adjacency with a peer router flaps.
Workaround: There is no workaround.
•CSCsb50606
Symptoms: Memory utilization in the "Dead" process grows gradually until the memory is exhausted. The output of the show memory dead command shows that many "TCP CBs" are allocated. Analysis shows that these are TCP descriptors for non-existing active BGP connections.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(13), that has an NPE-G1, and that functions as a PE router with many BGP neighbors. However, the symptom is not platform-specific, nor release-specific.
Workaround: Reload the router. If this is not an option, there is no workaround.
•CSCsb60206
Symptoms: When an SSO switchover occurs, the newly active Supervisor Engine or RP generates a series of CPU Hog messages in the PIM Process, generates tracebacks, and finally crashes because the watchdog timer expires.
Conditions: This symptom is observed on a Cisco switch that has redundant Supervisor Engines and on a Cisco router that has redundant RPs when Auto-RP is configured and when regular multicast traffic runs for a few hundred multicast routes.
Workaround: There is no workaround.
•CSCsb74588
Symptoms: A router that is configured for OSPFv3 may crash because of memory corruption or a CPUHOG condition.
Conditions: This symptom is observed rarely in a configuration with a large LSA with 64 parallel links that have OSPFv3 enabled in broadcast mode when all adjacencies with a peer router flap.
Workaround: There is no workaround.
•CSCsc07467
Symptoms: An OSPF route is lost after an interface flaps.
Conditions: This symptom is observed rarely when all of the following conditions are present:
–There is a very brief (shorter than 500 ms) interface flap on a point-to-point interface such as a POS interface.
–The flap is not noticed by the neighbor, so the neighbor's interface remains up.
–The OSPF adjacency goes down and comes back up very quickly (the total time is shorter than 500 ms).
–OSPF runs an SPF during this period and, based on the transient adjacency information, removes routes via this adjacency.
–The OSPF LSA generation is delayed because of LSA throttling. When the LSA throttle timer expires and the LSA is built, the LSA appears unchanged.
Workaround: Increase the carrier-delay time for the interface to about 1 second or longer.
Alternate Workaround: Use an LSA build time shorter than the time that it takes for an adjacency to come up completely.
•CSCsc41694
Symptoms: The router hangs while BGP is being unconfigured with the no router bgp command.
Conditions: This symptom has been observed on Cisco AS5400 and Cisco AS5850 routers that run the c5400-js-mz.123-16.15 image.
Workaround: There is no workaround.
ISO CLNS
•CSCei04683
Symptoms: A router may advertise an IPv6 default route into a level-2 topology.
Conditions: This symptom is observed when the following conditions are present:
–The router runs the IS-IS routing protocol on both level 1 and level 2.
–The router advertises IPv6 prefixes.
–The router has the IS-IS ATT bit set.
–The router has level-1 connectivity to another level-1/level-2 IS-IS router.
–An SSO switchover occurs on the router or the router loses and then regains connectivity to the level-2 topology.
Workaround: Trigger a change that causes the router to regenerate its level-2 LSP.
Miscellaneous
•CSCea73586
Symptoms: The FlexWAN line card crashes when dLFIoATM is configured while traffic is flowing.
Conditions: This symptom has been observed when dLFIoATM is configured while traffic is flowing on a Cisco 7500 or Cisco 7600 platform.
Workaround: There is no workaround.
Further Description: Configuring dLFIoATM while traffic is stopped should prevent the crash; traffic can then be resumed afterwards without problems.
•CSCec11488
Symptoms: A Network Processing Engine G1 (NPE-G1) may reload unexpectedly when a redzone overrun error occurs.
Conditions: This symptom is observed on a Cisco 7200 series that has an ATM subinterface on which the atm arp-server nsap nsap-address interface configuration command is enabled.
Workaround: Disable the atm arp-server nsap nsap-address interface configuration command on the ATM subinterface.
•CSCee15581
Symptoms: A router that is configured for L2VPN may crash.
Conditions: This symptom is observed when L2VPN connections are dynamically deconfigured and then reconfigured.
Workaround: There is no workaround.
•CSCee20451
Symptoms: A VC may experience an output stuck condition.
Conditions: This symptom occurs when using T1 ATM (the IMA function is not used) on a PA-A3-8T1IMA.
Workaround: Enter the clear interface command.
•CSCee31450
Symptoms: IPv6 packets may not be switched via CEFv6 but may be blackholed.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)S4 when the packets are switched from an FE interface to a POS interface. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCef41603
Symptoms: The gatekeeper does not route calls based on the ARQ call identifier.
Conditions: This symptom was observed with a third party application that is registered to a gatekeeper when attempting to use Trunk Group routing.
Workaround: There is no workaround.
•CSCef48325
Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.
Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.
Workaround: There is no workaround.
•CSCeg12134
Symptoms: When you send multicast traffic over an IPSec tunnel, a memory leak may occur on a router.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when both IP CEF and hardware encryption are configured. The symptom may also occur in other releases.
Workaround: Switch to software encryption for a while and then switch back to hardware encryption.
Alternate Workaround: Disable IP CEF.
•CSCeg23300
Symptoms: When you enter the show memory address command, irrespective of whether or not you place an optional keyword after the pipe (vertical bar), the console or vty session hangs and cannot be restored without reloading the platform. This situation especially impacts the console, but as long as there is a vty session available, Telnet still functions.
Although the platform may return the initially requested data, it does not return the prompt. The session (either console logging and/or terminal monitoring) continues to generate system or error messages to the terminal.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series but is platform-independent.
Workaround: Reload the platform. The stalled prompt will eventually recover but this could take many hours or even days.
Further Problem Description: The symptom is expected behavior because the parser must scan the entire range of possible (and ever growing) memory addresses. For this reason, we recommend against the use of the show memory address command, which will be removed from common usage in all future releases.
•CSCeg36362
Symptoms: A Cisco 7200 series that is configured with an NPE-G1 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when the Cisco 7200 series is configured for Fast Switching.
Workaround: There is no workaround.
•CSCeg38778
Symptoms: An invalid packet causes Cisco IP Communicator to lose audio for the first 6 seconds.
Conditions: This symptom is observed on a Cisco router that is configured for the G.729 codec when the router sends a single G.711ulaw packet while it terminates an H.323 Voice over IP (VoIP) call.
Workaround: Upgrade to IP Communicator 1.1(3) or above, which ignores this incorrect packet.
•CSCeg64679
Symptoms: A Cisco AS5850 reloads when you enter the redundancy handover peer-resources command to hand over the peer resources to the other RSC.
Conditions: This symptom is observed when the RSC that hands over the peer resources is in the "ACTIVE_EXTRALOAD" mode and when an SNMP trap is sent to obtain the card status.
Workaround: There is no workaround.
•CSCeg83467
Symptoms: The router crashes whenever encapsulation changes from AAL5SNAP to AAL0 on a private virtual circuit (PVC).
Conditions: This symptom has been observed when encapsulation is changed from AAL5SNAP to AAL0.
Workaround: Do not configure AAL0.
•CSCeh18306
Symptoms: On a Cisco 2600-XM series that is configured with an AIM-ATM module, when one PVC is configured for ABR and another PVC is configured for another ATM class, CRC errors occur on the far end of the ATM link of the PVC that is configured for the other ATM class. This situation may occur because the PVC that is configured for ABR sends two RM cells in a row and overwrites some data of the PVC that is configured for the other ATM class.
Conditions: This symptom is observed on a Cisco 2651-XM that runs Cisco IOS Release 12.3 and that is configured with an AIM-ATM module. However, the symptom may not be platform-dependent and may occur on any platform that is configured with an AIM-ATM module.
Workaround: Do not configure ABR on a PVC.
•CSCeh61467
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: After you have disabled MVPN on a VRF interface, the CPU use for the PIM process increases to 99 or 100 percent and remains at that level.
Condition 1: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases. The symptom may also occur in other releases.
Workaround 1: Before you disable MVPN on the VRF interface, enable and then disable multicast routing by entering the ip multicast-routing vrf vrf-name global configuration command followed by the no ip multicast-routing vrf vrf-name global configuration command.
Symptom 2: A router that functions under stress and that is configured with a VRF interface may crash when an MDT group is removed from a remote PE router.
Condition 2: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SX, or a release that is based on these releases, and occurs only when there are frequent link flaps or other multicast topology changes that affect the VRF interface. The symptom may also occur in other releases.
Workaround 2: There is no workaround.
•CSCeh76209
Symptoms: When Policy Based Routing (PBR) is configured with the set interface command, packets continue to be forwarded to an interface after that interface has gone down, causing the packets to be dropped. When the ip local policy route-map command is enabled, all locally generated packets are affected.
Conditions: This symptom is observed on a Cisco router and only applies to packets that require process-switching.
Workaround: Do not enter the set interface command. Rather, enter the set ip next-hop command.
•CSCeh78411
Symptoms: If a spoke cannot complete IKE phase I because of a bad certificate, the failed IKE sessions may not be deleted on an IPSec/IKE responder. Such failed sessions may accumulate, eventually causing router instability. These failed sessions can be seen in the output of the show crypto isakmp sa | i MM command:
172.18.95.21 10.253.34.80 MM_KEY_EXCH 898 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 896 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 895 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 894 0 ACTIVE
172.18.95.21 10.253.34.80 MM_KEY_EXCH 893 0 ACTIVE
...
Conditions: These symptoms are observed when RSA signatures are used as the authentication method.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is used for the IKE sessions or re-apply the crypto map to this interface.
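One way to detect the accumulation described above from the CLI output, as an added example that is not part of the Cisco release notes: the script parses constructed show crypto isakmp sa lines (the addresses, conn-ids and the QM_IDLE row are illustrative) and flags any peer pair with several main-mode SAs that never completed phase 1.

```python
"""
Detect accumulating incomplete IKE main-mode SAs in 'show crypto isakmp sa'
output. Added example modelled on the symptom of CSCeh78411; the sample
output below is constructed, not captured from a real device.
"""
import re
from collections import defaultdict

# Constructed sample output. Column layout follows the page's quoted lines:
# dst src state conn-id slot status.
SAMPLE_OUTPUT = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
172.18.95.21    10.253.34.80    MM_KEY_EXCH    898     0    ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH    896     0    ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH    895     0    ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH    894     0    ACTIVE
172.18.95.21    10.253.34.80    MM_KEY_EXCH    893     0    ACTIVE
172.18.95.21    10.253.34.90    QM_IDLE        12      0    ACTIVE
"""

# One SA row; header and banner lines do not start with an IPv4 address.
SA_LINE = re.compile(
    r"^(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<state>[A-Z_]+)\s+"
    r"(?P<conn_id>\d+)\s+"
    r"(?P<slot>\d+)\s+"
    r"(?P<status>\S+)\s*$"
)

# Main-mode states that precede a completed phase 1. A healthy peer leaves
# these quickly; many persistent entries for one peer mean failed
# negotiations are not being deleted.
INCOMPLETE_MM_STATES = {"MM_NO_STATE", "MM_SA_SETUP", "MM_KEY_EXCH"}


def parse_isakmp_sa(text):
    """Return one dict per SA row; non-matching lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = SA_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["conn_id"] = int(row["conn_id"])
            sas.append(row)
    return sas


def stuck_main_mode_peers(text, threshold=3):
    """
    Group incomplete main-mode SAs by (dst, src) and return the pairs with at
    least `threshold` such entries, mapped to their sorted conn-ids.
    """
    by_peer = defaultdict(list)
    for sa in parse_isakmp_sa(text):
        if sa["state"] in INCOMPLETE_MM_STATES:
            by_peer[(sa["dst"], sa["src"])].append(sa["conn_id"])
    return {peer: sorted(ids) for peer, ids in by_peer.items()
            if len(ids) >= threshold}


if __name__ == "__main__":
    for (dst, src), ids in stuck_main_mode_peers(SAMPLE_OUTPUT).items():
        print(f"{src} -> {dst}: {len(ids)} incomplete main-mode SAs, "
              f"conn-ids {ids}")
```

The threshold is a tuning knob; a single MM_KEY_EXCH entry is normal during a negotiation, while a steadily growing count for one peer matches the condition this caveat describes.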
•CSCei08458
Symptoms: The FIB may be disabled or the output interface may be stuck on an A3 ATM port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM.
Workaround: Reload the microcode or perform an OIR to recover the A3 ATM port adapter.
•CSCei09130
Symptoms: A Cisco 2600XM series that is configured with an AIM module may increment layer 1 errors and clock slips.
Conditions: This symptom is observed only on a Cisco 2600XM series that runs Cisco IOS Release 12.4 when the following four specific conditions occur:
–The router is configured with an AIM-ATM, AIM-VOICE, or AIM-ATM-VOICE module.
–The router is configured with a VWIC-2MFT-x card. (The symptom does not occur with a VWIC-1MFT-x card.)
–Both ports of the VWIC-2MFT-x card are configured for Line Timing.
–The first VWIC port is connected and active, while the second VWIC port is either disconnected, in the LOS alarm state, or on a different clock domain than the first VWIC port.
The symptom could also occur on a Cisco 2600XM series that runs Release 12.4 or Release 12.4.T.
Workaround: There is no workaround.
•CSCei45749
Symptoms: When you enter the clear interface command on an Inverse Multiplexing for ATM (IMA) interface configured for dynamic bandwidth, the PVCs that are associated with the IMA interface may become Inactive.
Conditions: This symptom is observed only for IMA interfaces that have the atm bandwidth dynamic command enabled.
Workaround: Entering the no atm bandwidth dynamic command on the IMA interface prevents the problem from occurring. If the problem has already occurred, enter the no atm bandwidth dynamic command followed by the shutdown and no shutdown commands on the IMA interface to work around the problem and clear the inactive PVC condition.
•CSCei46978
Symptoms: A Cisco 7200 series may generate the following error message, and links flap:
%SBETH-3-ERRINT: GigabitEthernet0/1, error interrupt, mac_status = 0x0000000000840000
Conditions: These symptoms are observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(15) and that is configured with an NPE-G1.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(13).
•CSCei50425
Symptoms: A Cisco 7200 series or Cisco 7301 that is equipped with a VAM, VAM2 or VAM2+ accelerator may refuse a valid RSA key and generate an error message such as the following:
% Error in generating keys: did not validate % Key pair import failed.
Conditions: This symptom is observed under rare circumstances when a valid RSA key is composed of unusually short or long prime numbers and coefficients.
When the VAM is deactivated during the import of the RSA key, the router accepts the key, but when the VAM, VAM2, or VAM2+ is inserted into the chassis, the router miscomputes the signature payload of the IKE/ISAKMP exchanges.
Workaround: Create a new RSA key.
Further Problem Description: The result of the wrong operation can be seen on the other side of the connection by activating the debug crypto engine and debug crypto isakmp commands. The following messages are related to the failure:
crypto_engine: public key verify
crypto_engine: public key verify, got error no available resources
ISAKMP:(0:2:HW:2): signature invalid!
•CSCei51322
Symptoms: A router that is configured for IPSec may reload because of a stack or program counter corruption.
Conditions: This symptom is observed on a Cisco router that uses a certificate with a very long subject name of several hundred bytes when the distinguished name (DN) is used as an ISAKMP identity. The symptom does not occur for shorter subject names (for example, 290 characters). In most environments, a subject name of 80 characters or less is common.
Workaround: Use certificates with a shorter subject name.
•CSCei61814
Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5850 may reset unexpectedly.
Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.
Workaround: There is no workaround.
•CSCei62348
Symptoms: A Cisco 2691 crashes because of a bus error exception and alignment errors.
Conditions: This symptom is observed when SNMP passes invalid VLAN IDs to VTP.
Workaround: There is no workaround.
•CSCei62522
Symptoms: ISAKMP SA negotiation is not successful in aggressive mode.
Conditions: This symptom has been observed when testing the RADIUS Tunnel Attribute in a hub-and-spoke scenario using Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
•CSCei66542
Symptoms: SGBP AAA authentication fails in a large scale dial-in configuration.
Conditions: This symptom is observed when a bid is processed and when an incorrect name is retrieved, causing an incorrect user name to be sent and the AAA authentication to fail.
Workaround: There is no workaround.
•CSCei70222
Symptoms: All IKE IPSec SAs are down and encryption services do not function when a hardware encryption engine is enabled.
Conditions: This symptom is observed on a Cisco router that is configured with a VAM, VAM2, or VAM2+ when the router runs under low memory conditions.
Workaround: There is no workaround. Reboot the router to temporarily resolve the symptoms.
Further Problem Description: When the debug crypto engine error command is enabled, the following debug message is generated:
CryptoEngine: epa_get_blk_buffer FAILED
•CSCei79855
Symptoms: When Cisco IOS software is secured using "secure boot" commands and after formatting the disk, the show disk command will not display the secured image and the corresponding configurations in the output.
Conditions: This symptom occurs when the Cisco IOS software is secured using the secure boot-config and secure boot-image commands and the disk is then formatted.
Workaround: There is no workaround.
•CSCei86192
Symptoms: When a buffer leak occurs, the RP crashes because of the starvation of buffers.
Conditions: This symptom is observed on a Cisco 7500 series that has a VIP in which a channelized T1/E1 port adapter is installed and on Cisco 7600 series that has a FlexWAN in which a channelized T1/E1 port adapter is installed.
Workaround: There is no workaround.
•CSCei93090
Symptoms: EIGRP does not learn routes when the ip pim sparse-dense-mode command is configured on a Gigabit Ethernet interface.
Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS interim Release 12.4(4.3).
Workaround: There is no workaround.
•CSCej00319
Symptoms: A router that is configured for Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) may crash when LDP is configured or removed from an interface or globally.
Conditions: This symptom is observed when parallel links are present.
Workaround: There is no workaround.
•CSCej42480
Symptoms: Incoming or outgoing PSTN calls fail on a PRI interface.
Conditions: This symptom has been observed on a Cisco 2620XM VoIP Gateway (MGCP) with Cisco IOS Release 12.4(2)T1 and a PRI Backhauled MGCP Gateway controlled by Cisco CallManager Release 4.1(3)SR1.
Workaround: There is no workaround.
•CSCej42935
Symptoms: Data corruption may occur on a disk when directory entries are read by more than one process simultaneously.
Conditions: This symptom is observed on a Cisco platform that has an ATA file system when, for example, the dir disk0: command is entered on one vty connection and, simultaneously and for the same disk, the copy disk0: command is entered on another vty connection.
Workaround: There is no workaround.
•CSCin79522
Symptoms: A Cisco router that runs Cisco IOS Release 12.3T may reload when the ATM interfaces are swapped.
Conditions: This symptom is observed when an ATM IMA port adapter is removed and a PA-A3 port adapter is inserted in the same slot, and when at least one PVC is configured that has InARP enabled. The symptom may also occur in Release 12.3 or Release 12.4.
Workaround: There is no workaround.
•CSCsa49177
Symptoms: After you reload a router, the physical ATM interface for an IMA group interface remains down even though the T1 controllers are active.
Conditions: This symptom is observed on a Modular Access Router such as a Cisco 3700 series that is configured with a VWIC-2MFT-T1 and an ATM-AIM.
Workaround: Reload the router or remove and reconfigure all ATM parameters.
•CSCsa60223
Symptoms: After a call is made between H.323 and SIP on the IPIPGW, executing the show call active voice command does not reflect the call leg information.
Conditions: This symptom occurs when doing SIP-H323 calls.
Workaround: There is no workaround.
•CSCsa65035
Symptoms: The committed information rate (CIR) of policers is calculated incorrectly.
Conditions: This symptom is observed when Frame Relay Traffic Shaping (FRTS) is applied using Modular QoS CLI (MQC) (that is, it is applied on the shaper in the parent service policy) and when the classes of the child policy include percentage-based policers.
Workaround: There is no workaround.
•CSCsa65819
Symptoms: The Label Information Base (LIB) may not be disabled.
Conditions: This symptom is observed on a Cisco router that is configured for MPLS VPN when an IPv4 BGP neighbor that is configured to exchange MPLS labels goes down.
Workaround: There is no workaround.
•CSCsa97663
Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.
Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).
Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.
•CSCsb00759
Symptoms: A Cisco 3640 or Cisco 3660 stops encrypting GRE packets, which are then sent in the clear.
Conditions: This symptom is observed on a Cisco 3640 and Cisco 3660 that run Cisco IOS Release 12.3(13), that are configured for CEF, and that have an interface (but not necessarily the interface with the crypto map) that has the ip tcp header-compression command enabled.
Workaround: Re-apply the service policy on the interface that is configured with the crypto map.
First Alternate Workaround: Enter the no route-cache cef command followed by the route-cache cef command.
Second Alternate Workaround: Delete the crypto map from the interface and re-apply the crypto map.
•CSCsb02061
Symptoms: An "Output Hold Queue Wedge" condition may occur on PVCs that are defined on DS1 ports that are not configured for IMA.
Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-ik9s-mz image of Cisco IOS Release 12.3(13), that is configured with a PA-A3-8T1-IMA port adapter that is configured for DSL aggregation, and that terminates hundreds of UBR VCs on a DS1 interface. The "Output Hold Queue Wedge" condition occurs on idle subinterfaces or when multiple point-to-point subinterfaces are "spawned" from a single subinterface by entering a PVC range command such as the following:
interface ATM1/0.100 point-to-point
ip unnumbered Loopback10
atm route-bridged ip
range pvc 6/100 6/599
Workaround: There are four workarounds:
–Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the physical interface.
–Enter the no pvc-in-range command followed by the pvc-in-range command on a wedged VC.
–Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an uplink interface.
–Tear down and rebuild a PVC.
•CSCsb04447
Symptoms: A Cisco AS5400 does not generate a RADIUS stop record when a call disconnect is initiated by a modem on the Cisco AS5400.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(10a) or Release 12.3(12) and that is configured for PRI T1. The symptom does not occur when the remote end or a signal initiates the call disconnect.
Workaround: There is no workaround.
•CSCsb04721
Symptoms: When the Any Transport over MPLS (AToM) feature is enabled on a router, AToM virtual circuits to a peer may not be re-established after an interface flap or after being reconfigured, because the required targeted Label Distribution Protocol (LDP) session is not re-established.
Conditions: This symptom is observed when LDP is not configured on any interfaces via the mpls ip interface configuration command, which is typically the case when MPLS Traffic Engineering (TE) tunnels are used to transport AToM traffic between endpoints and when the mpls ip interface configuration command is not enabled on any TE tunnels.
The symptom occurs in Cisco IOS software releases that include the fix for caveat CSCec69982 when any form of one of the following commands is configured on the router and appears in the running configuration:
mpls ldp explicit-null
mpls ldp advertise-labels
mpls ldp session protection
mpls ldp password fallback
mpls ldp password option
mpls ldp password required
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec69982.
Workaround: Enter the mpls ip command on a TE tunnel interface or temporarily on a physical interface to force LDP to be re-established.
•CSCsb18502
Symptoms: Data that is forwarded downstream from a SNASw router is intermittently corrupted. Sniffer traces that are captured upstream and downstream from the SNASw router show that the data that is sent from the host to the SNASw router is fine, but when the data leaves the SNASw router, there are some corrupted bytes at the end of the data stream.
Conditions: This symptom is observed on a SNASw router that is connected upstream to a mainframe host via Enterprise Extender.
Workaround: There is no workaround.
•CSCsb25429
Symptoms: A Cisco router that has a virtual-template interface that is configured for PPPoE may reload because of a software-forced crash.
Conditions: This symptom is observed only when RADIUS AAA per-user attributes are used in active PPPoE sessions.
Workaround: There is no workaround.
•CSCsb28315
Symptoms: The "tunnel protection malloc" process may cause a memory leak in the Crypto IKMP process.
Conditions: This symptom is observed on a Cisco platform that runs a crypto image and that functions as a spoke when the interface that connects to the hub flaps and receives a new IP address after the flap.
Workaround: There is no workaround.
•CSCsb34344
Symptoms: A Fast Ethernet (FE) interface on a Cisco AS5400 may reset unexpectedly.
Conditions: This symptom is observed when you attempt to program the FE controller for multicast or broadcast traffic such as OSPF, EIGRP, RIP, or PIM.
Workaround: There is no workaround.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
•CSCsb42176
Symptoms: A Cisco 7200 series may pause indefinitely when a neighbor reloads.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-POS-2OC3 port adapter.
Workaround: There is no workaround.
•CSCsb43117
Symptoms: Media negotiation fails for SIP calls and the terminating gateway replies with a "488" message to an Invite message.
Conditions: This symptom is observed on a Cisco platform when the terminating gateway is configured with the G.729B (annex B) codec and when the Session Description Protocol (SDP) for the incoming Invite message does not have any FMTP attribute line, which means that the default value, that is, the G.729B (annex B) codec, is used.
Workaround: There is no workaround.
•CSCsb50995
Symptoms: The Switch Processor (SP) of a Cisco Catalyst 6500 series or Cisco 7600 series may run out of memory with 15,000 VPLS VCs (that is, with 512 VFIs and 30 LDP neighbors).
Conditions: This symptom is observed when all LDP sessions are flapped many times with a pause of approximately 10 seconds between each flap.
Workaround: There is no workaround.
•CSCsb59555
Symptoms: An Engine 3 or Engine 4+ line card may be stuck in the "request reload" state and CEF may be disabled on the line card, although the CEF table is up, as is shown in the output of the show cef linecard command:
Slot MsgSent XDRSent Window LowQ MedQ HighQ Flags
1 8558 719895 4966 0 0 0 up
2 8560 718293 4966 0 0 0 up
3 8609 722867 4965 0 0 0 up
4 8584 721311 4965 0 0 0 up
5 8597 724307 4965 0 0 0 up
9 8586 722060 4966 0 0 0 up
10 8579 720566 4966 0 0 0 up
11 8566 719086 4966 0 0 0 up
12 8606 725072 4966 0 0 0 up
13 8597 723572 4966 0 0 0 up
*7 1 3 24 0 0 0 disabled, rrp hold
0 4058 359354 4966 0 0 0 up
VRF Default, version 5032, 5024 routes
Slot Version CEF-XDR I/Fs State Flags
1 5032 5016 67 Active sync, table-up
2 5032 5016 5 Active sync, table-up
3 5032 5016 20 Active sync, table-up
4 5032 5016 5 Active sync, table-up
5 5032 5016 5 Active sync, table-up
9 5032 5016 4 Active sync, table-up
10 5032 5016 4 Active sync, table-up
11 5032 5016 20 Active sync, table-up
12 5032 5016 4 Active sync, table-up
13 5032 5016 8 Active sync, table-up
*7 0 0 4 Active table-disabled
0 0 0 5 Active request reload, table-up
Conditions: This symptom is observed on a Cisco 12000 series after an RPR+ switchover has occurred. However, the symptom is platform-independent and may also occur on another platform that is configured for CEF when an RPR+ switchover has occurred.
Workaround: Enter the clear cef linecard command for the affected line card.
•CSCsb64721
Symptoms: A spurious access is generated on a Cisco 7500 series and a virtual-access interface does not come up but remains in the up/down state.
Conditions: These symptoms are observed on a Cisco 7500 series that is configured for dLFIoFR when the MTU size is changed on the physical interface.
Workaround: There is no workaround.
•CSCsb72138
Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.
Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.3(11)T5. This symptom typically occurs when fax devices are configured on the FXS port but is not limited to this configuration.
This particular instance is when using MGCP controlled voice ports.
Workaround: Use H323 for signaling.
•CSCsb74409
Symptoms: A router may keep the vty lines busy after finishing a Telnet/Secure Shell (SSH) session from a client. When all vty lines are busy, no more Telnet/SSH sessions to the router are possible.
Conditions: This symptom is observed on a Cisco router that is configured to allow SSH sessions to other devices.
Workaround: Clear the SSH sessions that were initiated from the router to other devices.
•CSCsb75197
Symptoms: An SNA Switch (SNASw) rejects EE link activation with sense code 08120000. Once the SNASw runs out of ANR Labels, inbound connections, i.e. pu2.1 clients, will also be rejected with sense code 08120000 as seen on a DLCTRACE.
Conditions: This symptom is seen when a downstream device has repeatedly sent in an old-SNA flavor of XID3 (one that indicates no exchange state indicators are supported) over an SNASw port that has not specified CONNTYPE.
Workaround: A reload of the router will be needed to clear this condition. However, the problem can be avoided in the first place by configuring CONNTYPE NOHPR on the downstream port.
Further Problem Description: VTAM logs show sense code 08010000 during the link activation XID3 negotiation. The SNASw shows sense code 08120000 on a DLCTRACE capture during the link activation XID3 negotiation for either upstream link activation or for an inbound device XID3 negotiation exchange during a connection attempt.
•CSCsb80536
Symptoms: A Cisco 3640 router may fail to boot with an image of Cisco IOS Release 12.3 and may enter the ROMmon during the boot process.
Conditions: This symptom is observed only on a Cisco 3640.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2T. The fix for this caveat is also integrated in Release 12.4 and Release 12.4T.
Further Problem Description: If the router boots an image successfully once, then it is safe to assume that the symptom will not occur on the router.
•CSCsb83876
Symptoms: The counters on a PA-MC-E3 port adapter may provide incorrect information. For some interfaces of the port adapter, the counters are always zero, and for other interfaces, the counters do increase but very slowly.
Conditions: This symptom is observed when you enter the show interfaces type slot command for a PA-MC-E3 port adapter.
Note that the symptom does not occur when you enter the show interface type number stats command or the show interfaces type slot accounting command. Also, when you enter the show interfaces type slot command for the VIP in which the PA-MC-E3 port adapter is installed, the counters provide correct information.
Workaround: Enter the show interface type number stats command to retrieve the correct information.
•CSCsb84354
Symptoms: A memory leak occurs when a midcall INVITE fails media negotiation for an incoming "200". Eventually, this leak causes memory fragmentation and causes the platform to reload.
Conditions: This symptom is observed on a Cisco AS5850 gateway that runs Cisco IOS Release 12.3(14)T3 but may also occur in Release 12.4 and Release 12.4T. The symptom occurs when the gateway sends a "a=T38MaxBitRate:7200" and when the other side responds incorrectly with a "a=T38MaxBitRate:14400". The gateway functions properly by failing media negotiation but the incorrect SDP data is released, causing the leak.
Workaround: There is no workaround.
•CSCsb86611
Symptoms: The PPP link fails when using LQM and hardware compression.
Conditions: This symptom has been observed on Cisco 3745 routers with an AIM-COMPR4 module that run Cisco IOS Release 12.3(14)T2 or Release 12.4(3).
Workaround: Use software compression, disable CEF on the ingress interface, or disable WFQ on the WAN interface.
•CSCsb91678
Symptoms: A software-forced crash may occur on a Cisco 7206VXR because of a watchdog timeout.
Conditions: This symptom is observed on a Cisco 7206VXR that has a low-speed Mueslix-based serial port adapter such as a PA-4T+, PA-8T-V35, PA-8T-X21, or PA-8T-232 port adapter and that runs a Cisco IOS image that integrates the fix for caveat CSCec63468.
The symptom occurs only for low-speed port adapters such as the PA-4T+, PA-8T-V35, PA-8T-X21, and PA-8T-232 port adapters. The symptom may also affect port adapters in adjacent slots, and not only the port adapters in physically adjacent slots, but also the port adapters that are logically adjacent in the initialization path. This memory corruption occurs in the PCI/IO memory space.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec63468. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround. Note that high-speed or unchannelized serial port adapters are not affected.
Further Problem Description: The following error messages and tracebacks are generated just before the crash occurs:
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0
-Traceback= 6074F79C 601BB3AC 601BC72C
%MUESLIX-1-HALT: Mx serial: Serial2/0 TPU halted: cause 0x3 status 0x0043404F shadow 0x630FB864
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6074F388 reading 0x1F
%ALIGN-3-TRACE: -Traceback= 6074F388 601BB3AC 601BC72C 00000000 00000000 00000000 00000000 00000000
%ALIGN-3-TRACE: -Traceback= 6074F7C0 601BB3AC 601BC72C 00000000 00000000 00000000 00000000 00000000
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Per-Second Jobs.
-Traceback= 607E0078 607E44AC 607DACD0 601B0CD4 601B1A04 601ADEA8 603E2C2C 607CF128 6076E2EC
•CSCsb93316
Symptoms: In dual RP systems or in RP/SP systems, the system may crash with a Segmentation violation error.
Conditions: This symptom has been observed only in dual RP or RP/SP systems with High availability features present. The crash may be observed when the show file system command is issued.
Workaround: There is no workaround.
•CSCsb99091
Symptoms: An SNA Switch (SNASw) router reloads in snaswitch code in case of memory shortage.
Conditions: This symptom was observed on a router that is concentrating downstream physical units (DSPU) via DLSw/VLDC and forwarding their traffic via HPR/LLC to the mainframes. About 300 to 400 physical units are concentrated via the SNASw/DLUR. There are a total of 16 routers in this system, with pairs of 8 routers backing up each other.
Workaround: There is no workaround.
•CSCsc02139
Symptoms: A router running SNA Switch (SNASw) may reload unexpectedly after logging the following messages:
Sep 13 08:42:45.950 METDST: %SNASW-3-SM_LOG_5: PROBLEM - 287990 - Insufficient storage to activate LU6.2 session
Sep 13 08:42:46.014 METDST: %SNASW-3-SS_LOG_16: PROBLEM - 287994 - CP capabilities exchange failed because of contention winner CP-CP session failure
Sep 13 08:42:47.946 METDST: %SNASW-3-SS_LOG_16: PROBLEM - 288001 - CP capabilities exchange failed because of contention winner CP-CP session failure (Message suppressed 16 times)
Sep 13 08:42:47.946 METDST: %SNASW-3-SM_LOG_5: PROBLEM - 287991 - Insufficient storage to activate LU6.2 session (Message suppressed 109 times)
TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x61327E00
Conditions: This symptom has been observed on a DLSw/SNASw concentration router which is providing connectivity for 300 to 400 physical units through DLSw.
Workaround: There is no workaround.
•CSCsc02825
Symptoms: In Cisco IOS software that is running the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP), the router could reload while trying to access a bad virtual address.
Conditions: This symptom may be observed when LDP is being used. It is not observed with TDP. It may happen when LDP receives a protocol message larger than 512 bytes right after receiving several Label Mapping messages smaller than 25 bytes. This problem is likely to be accompanied by the following error message:
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0xD0D0D0D
The above error message may be preceded by one of the following four error messages:
%ALIGN-1-FATAL: Corrupted program counter 19:45:07 CET Mon Sep 26 2005 pc=0xD0D0D0D, ra=0x61164128, sp=0x64879B98
%TDP-3-BAD_PIE: peer x.x.x.x; unknown pie type 0x11E
%TDP-3-UNEXPECTED_PIE: peer x.x.x.x unexpected pie type 0x0
%TDP-3-PTCLREAD: peer x.xx.x0, read failure
This problem may be seen in releases that include the fix for CSCeg74562 but do not have the fix associated with this defect.
Workaround: There is no workaround.
•CSCsc03569
Symptoms: Incoming and outgoing PSTN calls fail on a BRI interface.
Conditions: This symptom has been observed on a Cisco 2620XM VoIP Gateway (MGCP) with Cisco IOS Release 12.4(2)T1 and a BRI Backhauled MGCP Gateway controlled by Cisco CallManager release 4.1(3)SR1.
Workaround: There is no workaround.
•CSCsc25745
Symptoms: In rare circumstances, an SNA Switch (SNASw) may get a "half session" towards the backup DLUS: the output of the show snasw session local command shows a CONWINNER session but no CONLOSER session. On the mainframe side, the link appears to hang.
This creates no problem in operation, except when issuing a GiveBack command or a Takeover command, in which case, the link towards the backup DLUS does not work.
Conditions: This symptom has been observed on a Cisco 7200 router with an SNASw.
Workaround: The situation can be cleared with a snasw stop session pcid using the PCID shown with the show snasw session local command.
•CSCsc40912
Symptoms: SNA Switch (SNASw) routers experience a software-forced crash. The following message is seen in the log:
validblock_diagnose, code = 1
Conditions: This symptom has been observed after issuing an inact giveback command at VTAM directed at the router:
V NET,INACT,ID=dlurname,GIVEBACK,FINAL=YES
where dlurname is the router CP name.
This symptom occurs during VTAM VARY INACT GIVEBACK processing. This is a regression problem caused by CSCsb11554 so it is only applicable if running Cisco IOS after Cisco IOS interim Release 12.3(15.8), Release 12.4(2.11) and Release 12.4(2.11)T.
Workaround: There is no workaround.
•CSCuk59798
Symptoms: The router crashes on removal of a Virtual-TokenRing subinterface. The router also crashes on removal of a main Virtual-TokenRing interface when that main interface also has subinterfaces configured.
Conditions: This symptom has been observed under the following conditions:
1. Create a main Virtual-Tokenring interface.
2. Create a Virtual-TokenRing subinterface on the interface created in step 1.
3. Remove either the Virtual-TokenRing main interface created in step 1, or the Virtual-TokenRing subinterface created in step 2.
Workaround: There is no workaround.
Wide-Area Networking
•CSCed52110
Symptoms: IP header compression does not function for FR PVC-Bundles.
Conditions: This symptom is observed when IP header compression is configured for Frame Relay PVC bundles.
Workaround: There is no workaround.
•CSCee85138
Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.
Workaround: There is no workaround.
•CSCeg62022
Symptoms: A DSL stops responding to ISDN calls (no response to SETUP messages). An "L3_GetUser_NLCB returned NULL" Q931 debug message may be generated for each failed call.
Conditions: This symptom is observed intermittently on a Cisco router.
Workaround: There is no workaround.
•CSCeh49616
Symptoms: Incoming MPLS packets with IETF Frame Relay encapsulation are process-switched.
Conditions: This symptom is observed only on a Cisco 7200 series.
Workaround: Do not configure IETF Frame Relay encapsulation. Rather, configure Cisco Frame Relay encapsulation.
•CSCei11919
Symptoms: A dialed circuit that carries a PPP connection over a tunnel between an LNS and a LAC is not dropped when the tunnel is reset.
Conditions: This symptom is observed when you enter the clear vpdn all command, when the LNS reloads, when the IP link between the LNS and LAC is disrupted, or when any other event occurs that causes the tunnel to be reset.
Workaround: There is no workaround.
•CSCei13743
Symptoms: An outgoing Basic Rate Interface (BRI) call fails to activate the layer 1.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fix for caveat CSCsa66756. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa66756. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCei21549
Symptoms: A Cisco AS5850 reloads when an RLM group is unconfigured.
Conditions: This symptom is observed when you enter the no isdn rlm-group number command and when there are more than 31 NFAS members in the same NFAS group.
Workaround: Shut the primary interface, remove the NFAS members of the same NFAS group, and unconfigure the RLM group.
•CSCei88594
Symptoms: A router that is configured for Frame Relay crashes and generates the following error message:
%ALIGN-1-FATAL: Illegal access to a low address addr=0x68, pc=0x621D6C50 , ra=0x621D8214 , sp=0x649990A8
Conditions: This symptom is observed on a Cisco router that has Frame Relay end-to-end fragmentation configured on an interface and hardware compression on a PVC.
Workaround: Configure map-class fragmentation with Frame Relay traffic-shaping instead of interface level fragmentation.
•CSCei94893
Symptoms: AToM PVCs on an MFR interface that has keepalives disabled do not pass traffic after the router is rebooted.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0S.
Workaround: Enable LMI keepalives.
•CSCsa73159
Symptoms: No final billing record is made for a call.
Conditions: This symptom is observed when a call is made using a Two B-Channel Transfer (TBCT) TCL script in the following scenario:
–The Telco switch signals the TBCT call with a special FACILITY message.
–A call leg is created between point A and point B, and another call leg is created between point C and point D.
–TBCT connects point A to point D to release the TDM resources.
–A billing start record is made for each call leg.
–When the final call between point A and point D is released and a NOTIFY message is received, no final billing record is made for this call.
Workaround: There is no workaround.
•CSCsb26163
Symptoms: Tracebacks are generated in the "isdn_carrier_timeout" function during a dialout test.
Conditions: This symptom is observed only when the dialer order round-robin command is enabled.
Workaround: Try a different dialer order such as last successful or sequential to prevent the tracebacks from being generated.
•CSCsb58447
Symptoms: In a VPDN callback configuration, a callback call is successfully initiated and connected. However, when IPCP is successfully negotiated, the LNS receives an LCP CONFREQ message, causing the established PPP session to be disconnected and LCP to renegotiate again. This situation repeats itself continuously and may cause sporadic IP connectivity. Eventually, the call is cleared completely because the tunnel is disconnected by the LAC.
The output of the debug ppp negotiation command on the LAC shows that the LAC never finishes the PPP LCP negotiation with the client during the callback call. This situation causes the LAC to disconnect the tunnel.
Conditions: This symptom is observed on a Cisco 3660. However, the symptom is platform-independent.
Workaround: Enter the no ppp lcp fast-start command on the relevant asynchronous interfaces on the LAC.
•CSCsb83459
Symptoms: A router may reload when many PPPoE sessions are being initiated while memory availability is low or when many PPPoE sessions are being initiated and terminated.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.5) or a later release, interim Release 12.3(12.4)T or a later release, or any release of Release 12.4 or Release 12.4T.
Workaround: There is no workaround.
•CSCsc07033
Symptoms: The status of an ATM VC becomes "INAC" after DBS QoS RADIUS attributes are applied.
Conditions: If DBS QoS RADIUS attributes specified are above the usable line bandwidth of an ATM link, the status of the VC they are applied to will become "INAC".
Workaround: Do not specify DBS QoS RADIUS attributes (atm:peak-cell-rate, atm:sustainable-cell-rate) that are above the usable line bandwidth (149760 for an OC3 ATM link).
•CSCsc25964
Symptoms: A PPPoE client router does not honor the ip mtu settings configured on the PPPoE Dialer interface when the IP MTU is different from the interface MTU.
Fragmentation of IP packets larger than the configured IP MTU will not happen which can create problems in a PPPoE environment.
Conditions: This symptom occurs whenever a virtual-access interface is cloned from the dialer interface; the session could be PPPoE, multilink, or PPPoA.
Workaround: Configure the interface mtu command to the required value.
•CSCsc33439
Symptoms: A virtual-access interface fails to come up after you have configured virtual templates.
Conditions: This symptom is observed on a Cisco router that is configured for MFR.
Workaround: There is no workaround.
•CSCsc34911
Symptoms: After applying a RADIUS DBS UBR QoS to an ATM virtual circuit (VC), the QoS becomes QoS VBR, with an SCR of 1, instead of QoS UBR.
Conditions: This symptom has been observed when specifying a RADIUS DBS QoS UBR and applying it to an ATM VC.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(16a)
Cisco IOS Release 12.3(16a) is a rebuild release for Cisco IOS Release 12.3(16). The caveats in this section are resolved in Cisco IOS Release 12.3(16a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsa83644
Symptoms: A Cisco MC3810 that is configured for LLQ drops packets from the priority queue and these drops are not accounted for in the output of the show policy-map interface output command.
Conditions: This symptom is observed on a Cisco MC3810 that runs Cisco IOS interim Release 12.3(14.7).
Workaround: There is no workaround.
Miscellaneous
•CSCsb84354
Symptoms: A memory leak occurs when a midcall INVITE fails media negotiation for an incoming "200". Eventually, this leak causes memory fragmentation and causes the platform to reload.
Conditions: This symptom is observed on a Cisco AS5850 gateway that runs Cisco IOS Release 12.3(14)T3 but may also occur in Release 12.4 and Release 12.4T. The symptom occurs when the gateway sends a "a=T38MaxBitRate:7200" and when the other side responds incorrectly with a "a=T38MaxBitRate:14400". The gateway functions properly by failing media negotiation but the incorrect SDP data is released, causing the leak.
Workaround: There is no workaround.
•CSCsc02825
Symptoms: In Cisco IOS software that is running the Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP), the router could reload while trying to access a bad virtual address.
Conditions: This symptom may be observed when LDP is being used. It is not observed with TDP. It may happen when LDP receives a protocol message larger than 512 bytes right after receiving several Label Mapping messages smaller than 25 bytes. This problem is likely to be accompanied by the following error message:
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0xD0D0D0D
The above error message may be preceded by one of the following four error messages:
%ALIGN-1-FATAL: Corrupted program counter 19:45:07 CET Mon Sep 26 2005 pc=0xD0D0D0D, ra=0x61164128, sp=0x64879B98
%TDP-3-BAD_PIE: peer x.x.x.x; unknown pie type 0x11E
%TDP-3-UNEXPECTED_PIE: peer x.x.x.x unexpected pie type 0x0
%TDP-3-PTCLREAD: peer x.xx.x0, read failure
This problem may be seen in releases that include the fix for CSCeg74562 but do not have the fix associated with this defect.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(16)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(16). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(16). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCed71593
Symptoms: When the radius-server retransmit 1 command is enabled on a NAS, the number of retransmit counts for a transaction with MS-IAS is more than the expected value.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(7.4).
Workaround: There is no workaround.
•CSCeh33492
Symptoms: A router may generate a %HAL-1-INITFAIL error message and may crash when you insert a PA-MC-STM-1MM port adapter via an OIR.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
•CSCeh33531
Symptoms: A traceback is generated when you successfully insert a PA-MC-STM-1MM port adapter via an OIR.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: There is no workaround.
•CSCeh65692
Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.
Conditions: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.
Workaround: There is no workaround.
•CSCeh82694
Symptoms: A router crashes when an snmpwalk is performed on the ifTable.
Conditions: This symptom is observed when an interface that is registered for high capacity (HC) counters deregisters directly.
Workaround: Disable SNMP or do not poll the ifTable through SNMP.
•CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•CSCin92442
Symptoms: You may not be able to establish an outbound Telnet connection on a router, nor may you be able to establish a reverse Telnet connection into a modem from the router console.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 or interim Release 12.4(2.2)T but may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCsa92212
Symptoms: A Path Echo Service Assurance Agent (SAA) operation misses hops.
Conditions: This symptom is observed when you perform a Path Echo SAA operation from a Cisco router that runs Cisco IOS Release 12.3.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2.
•CSCsa92394
Symptoms: A router may crash while loading the image for a secondary RSP from a disk during the boot process.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with redundant RSPs when the hw-module slot slot-number image disk0: image command is configured.
Workaround: There is no workaround.
•CSCsb27960
Symptoms: When the local method is used at the beginning of a PPP authentication method list and when a user does not exist in the local database, failover to the next method in the method list does not occur. This situation prevents users that are listed in the database of a RADIUS or TACACS+ server from being authenticated.
Conditions: This symptom is observed on a Cisco router that is configured for AAA.
Workaround: Temporarily remove the local method from the beginning of the method list.
Interfaces and Bridging
•CSCef49896
Symptoms: Packets that enter an interface that is configured for IP may not be switched via dCEF.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: If many interfaces are affected, reload all port adapters by entering the microcode reload command on the control plane of the RSP.
•CSCef82084
Symptoms: Spurious memory accesses occur on a Cisco 7200 series and ALIGN-3-SPURIOUS error messages are generated.
Conditions: This symptom is observed after you have configured a new MLP interface and a new EBGP neighbor.
Workaround: There is no workaround.
•CSCei25164
Symptoms: A Cisco 7xxx series router may crash because of a bus error exception and may report a CPUHOG message when you perform an OIR of an ATM PA-A3 or ATM PA-A6 port adapter.
Conditions: This symptom is observed on a Cisco 7xxx series router that runs Cisco IOS Release 12.3 when PVC auto-provisioning is enabled on the ATM PA-A3 or ATM PA-A6 port adapter and when many PPP sessions are in transition.
Workaround: There is no workaround.
•CSCin77104
Symptoms: Packet forwarding fails when the Ethertype is configured to 0x9100.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.7)T when you enter the dot1q tunneling ethertype 0x9100 command. The symptom could also occur in Release 12.3 or Release 12.4.
Workaround: There is no workaround.
•CSCsa83897
Symptoms: A channelized T3 port adapter cannot detect C-bit errors and does not shut down after continuous C-bit errors.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a channelized T3 port adapter.
Workaround: There is no workaround.
•CSCsa87986
Symptoms: A router may intermittently transmit corrupt PPP packets. When you enter the debug ppp nego and debug ppp errors commands, it appears that "protocol reject" packets are received from the remote end.
Conditions: This symptom is observed on a Cisco 7500 series that has only one OC3 POS port adaptor per VIP and that is configured for PPP encapsulation.
Workaround: There is no workaround.
•CSCsb04481
Symptoms: CEF may fail and the following error message is generated:
Interface Serial0/0:63 changed state to down
%CT3-3-LOVEFAIL: CT3-SW-PA-0/0: failed to send T3 line state change love letter
%AMDP2_FE-5-LATECOLL: Ethernet0/0 transmit error
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a channelized T3 port adapter.
Workaround: There is no workaround.
•CSCsb53847
Symptoms: After an upgrade to Cisco IOS Release 12.3(15) and a router reload, the Path Payload Label Mismatch (PPLM) Packet-over-SONET (POS) alarm is reported on the upgraded router and PRDI is reported on the remote end of the POS link.
Conditions: This symptom has been observed with Cisco IOS Release 12.3(15) on Cisco 7xxx routers after a router reload.
Workaround: On the Cisco 7xxx router where PRDI is reported on the POS interface, change the configuration of the C2 byte to any value different from the current value and then change it back to the original value. The PPLM alarm will be cleared and, after a few seconds, PRDI will clear, too.
After a reload, this symptom will be present again and the workaround will have to be performed again.
IP Routing Protocols
•CSCef21601
Symptoms: Calls may not complete because ResvConfirm messages are dropped. You can enter the debug ip rsvp messages command to track RSVP messages as they traverse routers.
Conditions: This symptom is observed when RSVP is configured for call admission control in a network with routers that do not have RSVP and a proxy ARP enabled. The symptom occurs because the RSVP-capable hop that sends the ResvConfirm messages uses the next RSVP-capable hop as the next IP hop for the packets and does not have the MAC address that is needed to encapsulate the IP packets for this next IP hop.
Workaround: Configure a static ARP entry that enables the router to properly encapsulate the packet by entering the arp ip-address hardware-address arpa command. The ip-address argument is the address of the next hop (that is visible via the RSVP debugs) for the ResvConfirm messages and the hardware-address argument is the MAC address of the interface of the next IP hop through which the ResvConfirm messages should be routed.
•CSCeh37200
Symptoms: A router crashes when PIM is enabled on a VIF interface.
Conditions: This symptom is observed on a Cisco 7500 series but may be platform-independent.
Workaround: There is no workaround.
•CSCeh47763
Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.
Conditions: This symptom occurs when using Port Address Translation (PAT).
Workaround: Use the clear ip nat translation * command.
•CSCeh53906
Symptoms: A stale non-bestpath multipath remains in the RIB after the path information changes, and BGP does not consider the stale path part of the multipath.
Conditions: This symptom is observed on a Cisco router that has the soft-reconfiguration inbound command enabled and occurs only when the BGP Multipath Loadsharing feature is enabled for three or more paths, that is, the number-of-paths argument of the maximum-paths number-of-paths command has a value of three or more.
Workaround: Disable the soft-reconfiguration inbound command for the neighbor sessions for which the BGP Multipath Loadsharing feature is enabled or reduce the maximum number of paths for the BGP Multipath Loadsharing feature to two.
•CSCin65241
Symptoms: IS-IS redistribute commands are not synchronized to the standby RP. The routes that depend on these commands fail after a switchover.
Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.
Workaround: There is no workaround.
•CSCsa75512
Symptoms: A crash that is related to OSPF flooding may occur on a Cisco router that is configured for OSPF and MPLS traffic engineering.
Conditions: This symptom is observed when 1600 OSPF interfaces are configured in an OSPF area that is also configured for MPLS traffic engineering and when OSPF interfaces and OSPF adjacencies flap. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef16096. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Reduce the number of OSPF interfaces in the OSPF area to 300 or less. You can check the number of OSPF interfaces by entering the show ip ospf or show ip ospf interface interface-type interface-number brief command. Note that all interfaces that are covered by network statements are counted.
•CSCsb13988
Symptoms: A router that is configured for NAT may crash because of a bus error.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a) but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an H.323 RAS message that does not contain an IP address.
Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you must use H.323 RAS in NAT, there is no workaround.
ISO CLNS
•CSCeh41328
Symptoms: IPv6 routes that are learned from other IPv6 routers are not installed in the RIB.
Conditions: This symptom is observed on a Cisco router that is configured for Multi-topology IS-IS in transition mode. This symptom does not occur when the router is configured for Multi-topology IS-IS without the transition mode.
Workaround: Use the default IS-IS metric on the interfaces that are configured for IPv6 IS-IS.
•CSCsa90719
Symptoms: A router running Cisco IOS software will reload unexpectedly when the no passive-interface command is issued under the router isis configuration.
Conditions: This symptom has been observed when the interface is configured to run ISIS and later changed to passive interface.
Workaround: Disable ISIS on the interface before changing it to passive, using the no ip router isis interface command.
Miscellaneous
•CSCed63564
Symptoms: The calling-station ID field of an access-request message that is sent to a RADIUS server may be corrupted; a character in the calling-station ID may be removed. For example, if the calling-station ID is "cisco.bookworm" or "cisco/bookworm", the calling-station ID that is sent in the access-request message is "ciscobookworm". This situation is not limited to a dot or a forward slash.
Conditions: This symptom is observed on a Cisco AS5400HPX that runs Cisco IOS Release 12.3(2) or a later release, or Release 12.3(4)T2.
Workaround: Try to avoid unusual characters such as a dot or a forward slash in a calling-station ID.
•CSCee41831
Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.
Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.
Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.
•CSCee89537
Symptoms: NBAR classification fails for GRE output packets.
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that run Cisco IOS Release 12.3(8)T, that are configured for IPSec in GRE tunnel mode, and that have the ip nbar protocol-discovery command enabled. The symptom may also occur in other releases.
Workaround: There is no workaround.
Further Problem Description: The symptom occurs both with software and hardware encryption.
•CSCef07167
Symptoms: A VIP may crash and generate tracebacks when you perform an OIR of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFI and MPLS VPN.
Workaround: There is no workaround.
•CSCef08173
Symptoms: A VIP in which a PA-2FE port adapter is installed may reload because of memory corruption that is caused by a hardware issue of the PA-2FE port adapter.
Conditions: This symptom is observed when the VIP and port adapter function under stress, when the VIP is unable to serve memory read/write requests from the port adapter, and when there are PCI retry timeouts.
Workaround: There is no workaround.
•CSCef82962
Symptoms: A call treatment plays only a busy tone instead of the audio file that is configured in the call treatment.
Conditions: This symptom is observed when call treatment is configured on a router that functions as a Cisco CallManager Express (CME) and when the call threshold is met.
Workaround: There is no workaround.
•CSCeg02918
Symptoms: A Cisco router that is configured with an HTTP authentication proxy may reload because of a bus error.
Conditions: This symptom is observed on a Cisco router that runs a crypto image of Cisco IOS Release 12.3(9) or Release 12.3(10).
Workaround: Disable the HTTP authentication proxy. If this is not an option, there is no workaround.
•CSCeg16631
Symptoms: When you enter the distribute-list interface command in a global RIP routing context and the interface that is specified in the command is a VRF interface, the command is rejected with the following error message:
% The interface is not in the same VRF as the process
Because the distribute-list interface command is not implemented in the IPv4 VRF address-family, there is no other way to filter networks received in updates via a VRF interface.
Conditions: This symptom is observed in all Cisco IOS releases that integrate the fix for CSCee32557. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32557. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: In a configuration that is mentioned above, to filter networks received in updates, enter the distribute-list extended-ACL-reference command in which the "source-part" of the extended ACL specifies the prefixes and the "destination part" matches on the IP address of the RIP neighbor.
•CSCeg24422
Symptoms: Packet drops occur in the ingress direction on a dMLP or dMLFR link with traffic at 95 percent of the line rate and when the number of small packets is high.
Conditions: This symptom is observed on a Cisco 7500 series that functions as a provider edge (PE) router, that is configured for L2TPv3 L3VPN, and that has dMLP or dMLFR links to a customer edge (CE) router.
Workaround: There is no workaround.
•CSCeg26528
Symptoms: The performance of a router may be severely degraded (at approximately 90 percent of the line rate) when large packets are processed, when the MLP bundle link flaps, and when the router does not recover the MLP sequence numbers of the packets.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series that are configured for dMLP only when large packets are processed.
Workaround: There is no workaround.
•CSCeg35786
Symptoms: 20 percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.
Workaround: There is no workaround.
•CSCeg36362
Symptoms: A Cisco 7200 series that is configured with an NPE-G1 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when the Cisco 7200 series is configured for Fast Switching.
Workaround: There is no workaround.
•CSCeg51272
Symptoms: A router may reload when you enter the show ip nbar protocol-discovery command.
Conditions: This symptom is observed when NBAR protocol discovery is enabled on a virtual-template interface.
Workaround: There is no workaround.
•CSCeg52468
Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:
%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)
or
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet
Conditions: This symptom is observed under rare circumstances on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying.
Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.
Further Problem Description: HSP firmware version 2.3.1 was committed through CSCeg15422 to address the most common conditions that could result in PCI NULL writes that cause memory corruption. The fix for this caveat (CSCeg52468) implements HSP firmware version 2.3.2 to address additional conditions that could result in PCI NULL writes.
•CSCeg71662
Symptoms: A Cisco 7301 may generate duplicate packets.
Conditions: This symptom is observed on the onboard Gigabit Ethernet interfaces and subinterfaces of the Cisco 7301.
Workaround: Enter the standby use-bia command on the physical interface.
•CSCeg80842
Symptoms: The output of serial interfaces on a PA-MC-8TE1 may become stuck after several days of proper operation.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(10a) and that has MLP configured on the serial interfaces of the PA-MC-8TE1.
Temporary Workaround: Perform an OIR of the PA-MC-8TE1 or reload the router until the symptom occurs again.
Further Problem Description: The symptom occurs during normal operation of the router. If many errors occur on the link, the symptom is more likely to occur.
•CSCeg83460
Symptoms: Bidirectional PIM DF election does not occur correctly when a PIM neighbor expires.
Conditions: This symptom is observed when the PIM neighbor that expires is the designated forwarder (DF) for multiple RPs. The DF election is triggered only for the first RP on the list and does not occur for all the other RPs.
Workaround: Clear the state of the DF or toggle the interface state of the DF.
•CSCeh08363
Symptoms: Bidirectional DTR does not function. The output of the show dialer command shows the incorrect dialer type.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.9)T.
Workaround: There is no workaround.
•CSCeh17756
Symptoms: The PIM assert mechanism may not function properly, causing PE routers to remove VRF subinterfaces from output interface lists, and, in turn, causing multicast traffic to be dropped.
Conditions: This symptom is observed when redundant PE routers and CE routers are located on one LAN segment and when the CE routers select different PE routers as their next hop.
Workaround: Change the configuration in such a way that all CE routers on one LAN segment select the same PE router as their next hop.
•CSCeh32332
Symptoms: RIP removes the interface information for an interface that has the ip unnumbered command enabled from the RIP database when another interface that has the transmit-interface command enabled goes down.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(12a).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that has the ip unnumbered command enabled.
•CSCeh35457
Symptoms: A policy map may be removed from an ATM PVC range configuration without a check for an exact match of the policy map name. This situation may cause the wrong policy map to be removed from the ATM PVC range configuration.
Conditions: This symptom is observed when you enter the no service-policy output policy-map-name command on a subinterface that is administratively shut down. Any policy map that is attached to this subinterface may be deleted, regardless of whether or not the name of the policy map that is removed matches with the name of the policy map that should be removed. The symptom occurs only in a PVC range configuration on ATM subinterfaces.
Workaround: There is no workaround.
•CSCeh40161
Symptoms: When a branch router attempts to access the Internet via HTTP or TCP, the HTTP or TCP session times out unexpectedly.
Conditions: This symptom is observed when the router at the headquarters has a Cisco IOS Firewall and resets the HTTP or TCP connection.
Workaround: Configure a GRE+IPSec connection between the branch router and the router at the headquarters.
Alternate Workaround: Disable the Cisco IOS Firewall on the router at the headquarters.
•CSCeh41272
Symptoms: After you perform an OIR of a PA-SRP-OC12 port adapter on a Cisco 7200 series, the router may not show any nodes in the SRP ring and may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(13) or Release 12.3(11)T3.
Workaround: There is no workaround.
•CSCeh56358
Symptoms: Missing entries in an MPLS forwarding table cause a ping failure.
Conditions: This symptom is observed when the following events occur in an MPLS environment:
–One router (router A) learns about a second router (router B) via a third router (router C) and router B has the no mpls ip global configuration command enabled. Between router A and router B, there is also an interface that is initially in the shutdown state and that has the mpls ip interface configuration command enabled.
–The connection between router A and router C is dropped and the interface between router A and router B is brought up by entering the no shutdown interface configuration command.
–The expected behavior is that router A learns about router B directly from router B and that router A updates its LFIB with "Untagged" as the outgoing label because router B has the no mpls ip global configuration command enabled. However, this does not occur: the LFIB of router A is not updated properly, causing incoming labeled packets on router A to be dropped.
Workaround: Enter the clear ip route network EXEC command on router A.
•CSCeh73049
Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.
Conditions: Devices that are not running the AAA command authorization feature, or that do not support TCL functionality, are not affected by this vulnerability.
This vulnerability is present in all versions of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at
http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
•CSCeh78918
Symptoms: When a line card has reloaded because you reloaded the router, the line card crashed, or you entered a command to reload the line card, the following message may appear on the console:
%MDS-2-RP: MDFS is disabled on some line card(s). Use "show ip mds stats linecard" to view status and "clear ip mds linecard" to reset.
This message may be generated because MDFS is erroneously disabled on the reloaded line card. Erroneous disabling of MDFS may unnecessarily extend network convergence time.
Conditions: This symptom is observed on a distributed router or switch such as a Cisco Catalyst 6000 series, Cisco 7500 series, Cisco 7600 series, Cisco 10000 series, or Cisco 12000 series. The symptom occurs when the router has the ip multicast-routing distributed command enabled for any VRF and when a line card is reloaded more than 50 seconds into the 60-second MDFS flow-control period.
Workaround: The symptom corrects itself after 60 seconds. Alternatively, you can enter the clear ip mds linecard slot number command.
•CSCeh91772
Symptoms: If an existing file is extended, an ATA file system may become corrupted. When this situation occurs, the output of the dir command or of a show command does not list the files because the files are corrupted.
Conditions: This symptom is observed when you enter any command that extends a file such as the show interfaces ethernet | append disk0:file command.
Workaround: Do not enter a command that extends a file.
•CSCeh94557
Symptoms: When you reload a platform that generates calls and that is connected to a Cisco AS5400 or Cisco AS5850, some controllers fail to come up.
Conditions: This symptom is observed when a platform that generates digital calls and a platform that generates analog calls are connected via a Cisco AS5400 or Cisco AS5850.
Workaround: Reload the AS5400 or Cisco AS5850.
•CSCei01321
Symptoms: You cannot bring up a serial interface of a channelized E1 or T1 port. The interface remains in the down/down state.
Conditions: This symptom is observed on a Cisco 3600 series.
Workaround: There is no workaround.
•CSCei05553
Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.
Conditions: This symptom is observed on a Cisco router when the policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.
Workaround: Remove and re-apply the service policy on the main interface.
•CSCei08347
Symptoms: When you ping a Gigabit Ethernet (GE) interface on an NPE-G1 that has the ip pim sparse-mode or ip pim sparse-dense-mode command enabled, the ping fails.
Conditions: This symptom is observed on a Cisco 7200 series after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the GE interface of the NPE-G1.
Workaround: After you have shut down and brought up the GE interface, enter the no ip pim sparse-mode or no ip pim sparse-dense-mode command and then reconfigure the command.
•CSCei08458
Symptoms: The FIB may be disabled or the output interface may be stuck on an A3 ATM port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM.
Workaround: Reload the microcode or perform an OIR to recover the A3 ATM port adapter.
•CSCei37015
Symptoms: A router that is configured to use RSA signature authentication and that deploys certificates during IKE phase 1 crashes when you boot the router with a new image.
Conditions: This symptom is observed on a Cisco 1721 when you boot the router with Cisco IOS Release 12.3(9d). However, the symptom is platform-independent. The crash occurs during the setup of the IKE SA.
Possible Workaround: Disable IKE before you reload the router with the new image.
•CSCei62348
Symptoms: A Cisco 2691 crashes because of a bus error exception and alignment errors.
Conditions: This symptom is observed when SNMP passes invalid VLAN IDs to VTP.
Workaround: There is no workaround.
•CSCei66542
Symptoms: SGBP AAA authentication fails in a large scale dial-in configuration.
Conditions: This symptom is observed when a bid is processed and an incorrect name is retrieved, causing an incorrect user name to be sent and the AAA authentication to fail.
Workaround: There is no workaround.
•CSCin79522
Symptoms: A Cisco router that runs Cisco IOS Release 12.3T may reload when the ATM interfaces are swapped.
Conditions: This symptom is observed when an ATM IMA port adapter is removed and a PA-A3 port adapter is inserted in the same slot and when there is at least one PVC configured that has InARP enabled. The symptom may also occur in Release 12.3 or Release 12.4.
Workaround: There is no workaround.
•CSCin83881
Symptoms: A VIP may crash on a Cisco 7500 series that is configured for dMLP.
Conditions: This symptom is observed when MLP member links flap while traffic is being processed.
Workaround: There is no workaround.
•CSCin88273
Symptoms: After an RPR+ or SSO switchover occurs, an MLP sequence number mismatch may occur, a ping between back-to-back interfaces may not go through, and the routing protocol through this link may go down.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dMLP and RPR+ or SSO.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the multilink interface of the Cisco 7500 series.
•CSCin90300
Symptoms: Controllers do not come up after you have manually configured the card type for a PA-VXC-2TE1+ port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.4(0.6) but may also occur in Release 12.3.
Workaround: Reload the router to enable the controllers to come up.
•CSCin91163
Symptoms: Packets may be dropped as reassembly drops on a distributed (dMLP) ingress interface that has interleaving configured.
Conditions: This symptom is observed on a PA-MC-STM-1 port adapter when more than two DS0 members are part of a dMLP bundle that is configured for interleaving.
Workaround: There is no workaround.
•CSCin91267
Symptoms: You may not be able to bind interfaces to an uplink or downlink.
Conditions: This symptom is observed on a Cisco platform that is configured for SSG.
Workaround: There is no workaround.
•CSCin91677
Symptoms: The Unavailable Seconds (UAS) that are displayed in the output of the show controllers serial slot/port command are incorrect. The display of the UAS starts only after 20 contiguous severely errored seconds (SES) instead of after 10 contiguous SES.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-T3+ port adapter.
Workaround: There is no workaround.
•CSCin93609
Symptoms: A Cisco 7200 series or Cisco 7500 series may crash when bridged PVCs are deleted and added to an IMA interface of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Conditions: This symptom is observed when the router is configured for bridging across ATM IMA PVCs, when the PVCs carry traffic, and when a script runs that deletes and adds PVCs across the IMA links. These PVCs are not among the bridged PVCs that carry traffic. The router crashes in about one to two hours.
Workaround: There is no workaround.
•CSCsa46484
Symptoms: A VIP or FlexWAN module in which a PA-POS-2OC3 port adaptor is installed may crash.
Conditions: This symptom is observed rarely and at random on a Cisco 7xxx series router or Cisco Catalyst 6000 series switch.
Workaround: There is no workaround.
•CSCsa53117
Symptoms: Multi-Layer Switching (MLS) CEF may stop functioning when an interface status changes. Ping and connectivity problems may also occur.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series switch and Cisco 7600 series when you shut down an interface or change VRF routes and as a result no other interfaces can be provisioned.
Temporary Workaround: Reload the supervisor engine.
•CSCsa56901
Symptoms: Cisco Fax Relay calls both to and from computer-based fax devices fail. Calls to and from traditional fax machines work fine. Calls to and from computer-based fax devices via the PSTN instead of via a Cisco Fax Relay network work fine too.
Conditions: This symptom is observed on a Cisco 3700 series that is configured for Cisco Fax Relay and VoIP.
Workaround: There is no workaround.
•CSCsa59000
Symptoms: A Cisco AS5850 reloads with an "unknown reload cause."
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(10) when you enter the following commands:
interface controller e1 1/17
no extsig mgcp
Workaround: There is no workaround.
•CSCsa60026
Symptoms: Cell loss occurs on a single ATM link of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7200 series when one of the T1 or E1 member interfaces of an IMA group that is configured on a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter is disconnected or when you enter the shutdown command on one of these T1 or E1 member interfaces. The symptom is not platform-specific and may also occur in other releases.
Workaround: There is no workaround.
•CSCsa61523
Symptoms: The following error message is generated on a Cisco 7200 series that has Multilink PPP (MLP) configured on serial interfaces of a PA-MC-STM-1 port adapter:
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3, count=0
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T3 only when MLP is configured on the serial interfaces. The symptom may also occur in Release 12.3 or 12.4.
Workaround: Unconfigure MLP on the serial interfaces.
•CSCsa64278
Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.
Workaround: There is no workaround.
•CSCsa72313
Symptoms: The following error messages may be generated on a router that has IP ACL enabled:
%SYS-2-INSCHED: suspend within scheduler
-Process= "<interrupt level>", ipl= 3
-Traceback= 40525388 40628848 4060AED4 403F15BC 403F34F8 403F37EC 400901C8 4008E730 406A0EEC 40621120
Conditions: This symptom is observed on a Cisco router such as a Cisco 7200 series, Cisco 7304, and Cisco 7500 series when a Turbo ACL compilation is configured along with an ACL on an ingress interface and when traffic passes through the ingress interface. The symptom does not affect the Cisco 10000 series.
Workaround: There is no workaround.
•CSCsa74893
Symptoms: An SSH server crashes when an SSH client attempts to connect to it.
Conditions: This symptom is observed when the SSH server is configured to connect to a TACACS+ server for AAA authentication and when there is no TACACS+ server.
Workaround: Configure a valid AAA authentication service on the SSH server.
•CSCsa77411
Symptoms: When a bandwidth change occurs, a router may crash because of a difficulty with traffic engineering link management.
Conditions: This symptom is observed on a Cisco router that integrates the fix for caveat CSCef16096 when the following conditions are present:
–The router is configured for OSPF and MPLS traffic engineering (TE).
–The interfaces, OSPF adjacencies, and TE tunnels flap.
–There are more than 300 OSPF interfaces (in any state, including administratively down) in the OSPF area that is configured for MPLS TE.
You can check the number of interfaces by entering the show ip ospf or show ip ospf interface brief command. Note that all interfaces that are covered by network statements are included in the command output, even those that are in the administratively down state.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef16096. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCsa79580
Symptoms: A Cisco AS5300 that is configured with a call switching module (CSM) may generate tracebacks that are related to a B-channel IDB. This situation may cause 64-kbps digital calls to be answered by modems instead of via High-Level Data Link Control (HDLC).
Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•CSCsa80223
Symptoms: The following error message may be generated on a Cisco router that is configured with a large number of interfaces:
Error adding idb to <listtype> idb list
In this error message, <listtype> can be a list name such as "macaddr".
Conditions: This symptom is observed on a Cisco router that is configured with a large number of interfaces.
Workaround: There is no workaround.
•CSCsa82222
Symptoms: A Cisco router may reload because of a watchdog timeout in the SNMP engine process.
Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(6a) when you query the ifStackStatus MIB object. The symptom occurs because the query enters an infinite loop. Note that the symptom may be platform-independent.
Workaround: Disable SNMP on the router.
•CSCsa82886
Symptoms: A router crashes when you enter the tftp-server command.
Conditions: This symptom is observed when the filename argument of the tftp-server command has a length of more than 67 characters.
Workaround: Ensure that the length of the filename argument does not exceed 67 characters.
•CSCsa86572
Symptoms: A large configuration in NVRAM on a primary or secondary RSP may become corrupted and the router may generate relevant warning messages during the execution of a copy system:running-config nvram: startup-config command.
When you erase NVRAM by entering the erase nvram command and then enter the copy system:running-config nvram: startup-config command, the router may crash.
Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.
Workaround: If the configuration file is significantly large, place a copy of the configuration file on a flash card or disk with ample space and enter the boot config slot0:startup-config command to force the startup configuration file to be read from the flash card.
When you enter the copy system:running-config nvram: startup-config command, the current running configuration is saved to the flash card or disk and the configuration is auto-synchronized to the corresponding flash card on the secondary RSP.
Caution: Do not remove the flash card while the boot config slot0:startup-config command is being executed.
•CSCsa88145
Symptoms: In some scalability cases with a large number of tunnels, SVIs, or VLANs, FIB tracebacks occur after an SSO switchover.
Conditions: This symptom is observed because traceback recording for the general event log and the interface event log is on by default.
Workaround: There is no workaround. Note, however, that there is no functional impact.
Further Problem Description: The fix for this caveat turns off traceback recording for the general event log and the interface event log.
•CSCsa93883
Symptoms: No error condition is detected when a properly structured IPv4 packet has an invalid version value in the IP header. For example, IPv4 packets that have a version value other than 4 are forwarded without an error.
Conditions: This symptom is platform-independent and occurs under normal operating conditions.
Workaround: There is no workaround.
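The caveat above describes a forwarding path that never inspects the version nibble of an otherwise well-formed IPv4 header. The following validator is an added example (not Cisco IOS code and not taken from this document) of the check that was missing: it parses the fixed IPv4 header fields, rejects any version value other than 4, and also verifies IHL, total length and the RFC 791 header checksum so that a forged version nibble cannot slip through a packet that is otherwise "properly structured". The sample packets are constructed inline with a helper whose addresses and identification value are arbitrary.

```python
import struct


def ipv4_header_checksum(header):
    """RFC 791 one's-complement sum over the header; returns 0 for a
    header whose embedded checksum field is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def validate_ipv4_header(packet):
    """Return (ok, reason). The version test is the one the caveat says
    the affected releases skip; the remaining tests make sure a packet
    cannot pass merely by being the right length."""
    if len(packet) < 20:
        return False, "truncated: fewer than 20 bytes"
    version = packet[0] >> 4
    ihl = packet[0] & 0x0F
    if version != 4:
        return False, "invalid IP version %d" % version
    if ihl < 5:
        return False, "invalid IHL %d" % ihl
    hlen = ihl * 4
    if len(packet) < hlen:
        return False, "truncated: shorter than IHL"
    total_length = struct.unpack("!H", packet[2:4])[0]
    if total_length < hlen or total_length > len(packet):
        return False, "bad total length %d" % total_length
    if ipv4_header_checksum(packet[:hlen]) != 0:
        return False, "bad header checksum"
    return True, "ok"


def build_ipv4_packet(version=4, payload=b"", proto=17, ttl=64,
                      src=(10, 0, 0, 1), dst=(10, 0, 0, 2)):
    """Constructed sample packet (not captured traffic): a 20-byte header
    with a correct checksum. 'version' may be set to a bogus value so the
    validator's behaviour on the caveat's case can be exercised."""
    ihl = 5
    total_length = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         (version << 4) | ihl, 0, total_length,
                         0x1234, 0, ttl, proto, 0,
                         bytes(src), bytes(dst))
    csum = ipv4_header_checksum(header)      # checksum field is still 0 here
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


if __name__ == "__main__":
    for v in (4, 5, 6, 15):
        print(v, validate_ipv4_header(build_ipv4_packet(version=v)))
```

The version check is deliberately placed before the checksum test: a packet with a wrong version nibble is rejected regardless of whether the rest of the header is internally consistent, which is exactly the case the caveat reports as being forwarded without error.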
•CSCsa94064
Symptoms: When the speed kbps argument of the channel-group channel-group-number timeslots range speed kbps controller configuration command is set to 64 kbps for a T1 channel group, the speed does not take effect and the T1 controller functions with the default speed of 56 kbps even though the output of the show running-config command shows that the controller is configured to function with 64 kbps.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(11.7) or a later release, including Release 12.4, and that is configured with a T1 module.
Workaround: Select a channel-group number that is one number less than the timeslot range. For example, for a timeslot range of 10-22, select a channel-group number between 9-21 to enable the speed setting to function properly.
•CSCsa97663
Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.
Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).
Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.
•CSCsb11124
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
•CSCsb01043
Symptoms: When a Turbo ACL classification table grows beyond a certain size, a memory allocation failure may occur or the router may crash.
If the router runs Cisco IOS Release 12.3, memory corruption may occur, causing the router to crash. If the router runs Cisco IOS Release 12.2S, an error message similar to the following may appear during a Turbo ACL compilation, the compilation will fail, and a recompilation is forced:
%SYS-2-CHUNKBADELESIZE: Chunk element size is more than 64k for TACL Block -Process= "TurboACL", ipl= 0, pid= 82
These symptoms do not occur because of an out-of-memory condition.
Conditions: This symptom is observed on a Cisco router that is configured for Turbo ACL. The Cisco 10000 series is not affected.
Workaround: Monitor the output of the show access-lists compiled command and force the Turbo ACL tables to be cleared if a table is at risk of growing large enough to trigger the symptoms.
The tables that have significant sizes are the first and third tables shown next to "L1:" and the first table shown next to "L2:". When the number after the slash for one of these tables is greater than 16384 for the "L1" tables or greater than 32768 for the "L2" table, the table is already too large and the symptom may occur any moment.
When the number is in the range from 10924 to 16384 inclusive for the "L1" tables or the range from 21846 to 32768 inclusive for the "L2" tables, the table size will be too large on the next expansion. An expansion occurs when the number to the left of the slash reaches 90 percent of the value to the right of the slash. When the value to the left of the slash approaches 90 percent of the value to the right, enter the no access-list compiled command followed by the access-list compiled command to disable and re-enable Turbo ACL. Doing so causes the tables to be cleared and, therefore, delays the expansion. This workaround may be impractical when there is a high rate of incoming packets and when entries are added frequently to the tables.
Alternative Workaround: Disable Turbo ACL by entering the no access-list compiled command.
Note that neither of these workarounds is supported on a Cisco 7304 that is configured with an NSE-100: there is no workaround for this platform.
•CSCsb03192
Symptoms: When you change the NHRP mapping configuration, an incorrect NHRP cache entry and incorrect crypto socket entry may occur.
Conditions: This symptom is observed when you change the NHRP static mapping entry by entering the ip nhrp map command. The NHRP cache entry is not updated with the new mappings, causing the crypto socket entry to be incorrect.
Workaround: To change the NHRP static mapping configuration, remove the NHRP mapping entry by entering the no ip nhrp map command and then add the NHRP mapping entry by entering the ip nhrp map command.
•CSCsb05381
Symptoms: MGCP BRI backhaul calls fail, and debugs for the call failure show the following information:
400 67 Voice call setup failed-Incoming-Outgoing call collision
//-1/xxxxxxxxxxxx/VTSP:():-1:-1:-1/vtsp_call_setup_request:
CALL_ERROR_INFORMATIONAL; Glare Occurred B-Channel=1, Call Id=9
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.4(1) but may also occur in Release 12.3 or Release 12.4T.
Workaround: There is no workaround.
•CSCsb09190
Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.
Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.
Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•CSCsb28315
Symptoms: The "tunnel protection malloc" process may cause a memory leak in the Crypto IKMP process.
Conditions: This symptom is observed on a Cisco platform that runs a crypto image and that functions as a spoke when the interface that connects to the hub flaps and receives a new IP address after the flap.
Workaround: There is no workaround.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•CSCeh54596
Symptoms: A router that is configured as an SSH client may hang.
Conditions: This symptom is observed when you attempt to make a connection to an SSH server by entering the ssh -l userid ip-addr command.
Workaround: There is no workaround.
Wide-Area Networking
•CSCea75722
Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.
Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.
Workaround: There is no workaround.
•CSCee85138
Symptoms: A SegV exception crash may occur on a Cisco router that is configured for voice calls.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6a) or Release 12.3(9) but may not be platform-dependent.
Workaround: There is no workaround.
•CSCeg42148
Symptoms: Attempts to change a B-channel service state by entering the isdn service nfas-int number b_channel number {state {0 | 1 | 2} [hard | immediate | soft]} command appear to succeed but the service state does not change.
Conditions: This symptom is observed when a voice application uses a B-channel. The output of the show isdn service detail command shows a locale of ISDN_NEAR_END_APP.
Workaround: There is no workaround.
•CSCeh11771
Symptoms: On a leased line (non-dialup) serial connection that is configured for PPP encapsulation, the line protocol may not come back up when the connection is reset. The PPP LCP remains in the closed state, even though the link is up physically.
Conditions: This symptom is observed when an active PPP session is reset and when the underlying link is not simultaneously reset, that is, when PPP goes down but when the link does not go down physically. This situation would occur, for example, when a PPP session is terminated because of keepalive failures.
Workaround: There is no workaround.
•CSCeh11994
Symptoms: A reply of an LNS to a LAC may be delayed.
Conditions: This symptom is observed on a Cisco router that is configured as an LNS that has several tunnels to different LACs.
Workaround: There is no workaround.
•CSCeh25440
Symptoms: InvARP packets on multiple MFR bundle interfaces may be dropped, causing traffic to fail after you have reloaded microcode onto a line card that processes a high load of traffic over many PVCs on MFR interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S when 42 MFR bundles are configured over 336 full T1s and when egress MQC is configured on the 42 MFR bundle interfaces. However, the symptom is not platform- and release-specific.
Workaround: There is no workaround.
•CSCeh48987
Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.
Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).
Workaround: There is no workaround.
•CSCeh56780
Symptoms: A router may crash when you enter the no interface atm command.
Conditions: This symptom is observed on a Cisco router while PPPoE sessions come up.
Workaround: First enter the shutdown command on the interface before you enter the no interface atm command.
•CSCei19546
Symptoms: The output of the show ppp mppe {serial | virtual-access} [number] command does not show the current connection information.
Conditions: This symptom is observed when you check the MPPE negotiation status.
Workaround: There is no workaround.
•CSCsa55747
Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.
Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.
Workaround: There is no workaround.
•CSCsa66756
Symptoms: The B channel on an NFAS "none" group member may hang with its channel state set to PROPOSED, which you can see in the output of the show isdn service command.
Conditions: This symptom is observed when the first activity on an NFAS "none" member is an outgoing call. After the first incoming or outgoing call, the symptom no longer occurs.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(15b)
Cisco IOS Release 12.3(15b) is a rebuild release for Cisco IOS Release 12.3(15). The caveats in this section are resolved in Cisco IOS Release 12.3(15b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeh65692
Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.
Conditions: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.
Workaround: There is no workaround.
•CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
Miscellaneous
•CSCsa97663
Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.
Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).
Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
Wide-Area Networking
•CSCsa55747
Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.
Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(15a)
Cisco IOS Release 12.3(15a) is a rebuild release for Cisco IOS Release 12.3(15). The caveats in this section are resolved in Cisco IOS Release 12.3(15a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCsa78812
Symptoms: Login authentication fails without prompting for a password when an invalid user name is entered.
Conditions: This symptom has been observed when the "local" method is being used for authentication and if it is followed by either "enable" or RADIUS/TACACS+ groups with servers that do not respond.
Workaround: If the Login authentication method list is being configured with "local" as one of the methods, it should be either the last method or should be followed by RADIUS/TACACS+ with servers which respond to the authentication request. Avoid configuring "enable" following "local".
•CSCsb27960
Symptoms: When the local method is used at the beginning of a PPP authentication method list and when a user does not exist in the local database, failover to the next method in the method list does not occur. This situation prevents users that are listed in the database of a RADIUS or TACACS+ server from being authenticated.
Conditions: This symptom is observed on a Cisco router that is configured for AAA.
Workaround: Temporarily remove the local method from the beginning of the method list.
Interfaces and Bridging
•CSCsa94002
Symptoms: A Cisco 7500 series router may experience an unexpected Versatile Interface Processor (VIP) restart.
Conditions: This symptom occurs when a Fast Ethernet interface installed in the VIP is configured for 802.1q trunking, there is a QoS service policy applied to one of the subinterfaces, and an untagged frame (i.e., on the native VLAN) needs to be sent from the router.
Workaround: Disable QoS on all 802.1q subinterfaces or do not configure a native VLAN.
IP Routing Protocols
•CSCeh47763
Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.
Conditions: This symptom occurs when using Port Address Translation (PAT).
Workaround: Use the clear ip nat translation * command.
•CSCin65241
Symptoms: IS-IS redistribute commands are not synchronized to the standby RP. The routes that depend on these commands fail after a switchover.
Conditions: This symptom is observed on a Cisco 7500 series but is platform-independent.
Workaround: There is no workaround.
ISO CLNS
•CSCsa72878
Symptoms: A Cisco router running IS-IS routing for CLNS might not populate the router's IS-IS database or routing table for a directly-connected ES neighbor even if the CLNS adjacency comes up correctly.
Conditions: This symptom has been observed on routers with IS-IS configured for CLNS routing.
Workaround: Enter the clear isis command.
•CSCsa90719
Symptoms: A router running Cisco IOS software reloads unexpectedly when the no passive-interface command is issued under the router isis configuration.
Conditions: This symptom has been observed when an interface is configured to run IS-IS and is later changed to a passive interface.
Workaround: Disable IS-IS on the interface before changing it to passive by entering the no ip router isis interface configuration command.
Miscellaneous
•CSCec32603
Symptoms: If the ima-group command and the interface atm 0/ima group-number command were configured and saved, the ima-group command cannot be properly removed from the ATM interface after the router reloads. The router rejects the no ima-group command with the console message "config in process please re-enter command". If an attempt is made to remove the mode atm [aim] command from the E1 controller and unconfigure the IMA interface, the router crashes.
Conditions: This symptom has been observed when an IMA group is created using the ATM interface from the WIC slot with AIM-ATM.
Workaround: Configure a valid IP address under the ATM interface from the WIC.
•CSCee41831
Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.
Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.
Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.
•CSCeg17954
Symptoms: Data MDT message drops are seen at the socket level.
Conditions: This symptom has been observed when a large number of data MDTs are signaled at the same time.
Workaround: There is no workaround.
•CSCeh58163
Symptoms: Late collisions are seen on the Ethernet 0 interface of a WIC-1ENET even though it is configured for full duplex. The following messages are displayed:
Mar 30 13:43:27: %PQUICC_ETHER-5-LATECOLL: Unit 0, late collision error
Mar 30 13:45:41: %PQUICC_ETHER-5-LATECOLL: Unit 0, late collision error
Mar 30 13:46:18: %PQUICC_ETHER-5-LATECOLL: Unit 0, late collision error
Mar 30 13:51:55: %PQUICC_ETHER-5-LATECOLL: Unit 0, late collision error
Mar 30 13:57:40: %PQUICC_ETHER-5-LATECOLL: Unit 0, late collision error
Conditions: The symptom has been seen only after a router is reloaded with a cable disconnected.
Workaround: Enter a shutdown command followed by a no shutdown command or enter a clear interface command.
•CSCei05553
Symptoms: A Modular QoS CLI (MQC) CoS marking disappears after you reload a router and QoS does not work.
Conditions: This symptom is observed on a Cisco 1721 that runs Cisco IOS Release 12.3(14)T4 and that is configured with MQC class-based weighted fair queueing (CBWFQ). The policy map is configured with a class using CoS marking via the set cos command. After the router has reloaded, the CoS marking is still present in the configuration but does not appear in the output of the show policy-map interface command.
Workaround: Remove and re-apply the service policy on the main interface.
•CSCei08458
Symptoms: The FIB may be disabled or the output interface may be stuck on an A3 ATM port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM.
Workaround: Reload the microcode or perform an OIR to recover the A3 ATM port adapter.
•CSCsa63913
Symptoms: Dial-out fails on Cisco NM-16AM(-V2) and Cisco NM-30DM modems when a WIC-AM is also in the router.
Conditions: This symptom has been observed on a Cisco 3800 router with a WIC-AM installed.
Workaround: Remove the WIC-AM temporarily.
•CSCsa64278
Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.
Workaround: There is no workaround.
•CSCsa82172
Symptoms: Calls are unsuccessful to a Cisco MGCP Gateway.
Conditions: Under high call volume, the Cisco MGCP trunking gateway sends 400 <TransID> Call Setup Failed in response to a CRCX.
Workaround: There is no workaround.
•CSCsb01043
Symptoms: When a Turbo ACL classification table grows beyond a certain size, a memory allocation failure may occur or the router may crash.
If the router runs Cisco IOS Release 12.3, memory corruption may occur, causing the router to crash. If the router runs Cisco IOS Release 12.2S, an error message similar to the following may appear during a Turbo ACL compilation, the compilation will fail, and a recompilation is forced:
%SYS-2-CHUNKBADELESIZE: Chunk element size is more than 64k for TACL Block -Process= "TurboACL", ipl= 0, pid= 82
These symptoms do not occur because of an out-of-memory condition.
Conditions: This symptom is observed on a Cisco router that is configured for Turbo ACL. The Cisco 10000 series is not affected.
Workaround: Monitor the output of the show access-lists compiled command and force the Turbo ACL tables to be cleared if a table is at risk of growing large enough to trigger the symptoms.
The tables that have significant sizes are the first and third tables shown next to "L1:" and the first table shown next to "L2:". When the number after the slash for one of these tables is greater than 16384 for the "L1" tables or greater than 32768 for the "L2" table, the table is already too large and the symptom may occur any moment.
When the number is in the range from 10924 to 16384 inclusive for the "L1" tables or the range from 21846 to 32768 inclusive for the "L2" tables, the table size will be too large on the next expansion. An expansion occurs when the number to the left of the slash reaches 90 percent of the value to the right of the slash. When the value to the left of the slash approaches 90 percent of the value to the right, enter the no access-list compiled command followed by the access-list compiled command to disable and re-enable Turbo ACL. Doing so causes the tables to be cleared and, therefore, delays the expansion. This workaround may be impractical when there is a high rate of incoming packets and when entries are added frequently to the tables.
Alternative Workaround: Disable Turbo ACL by entering the no access-list compiled command.
Note that neither of these workarounds is supported on a Cisco 7304 that is configured with an NSE-100: there is no workaround for this platform.
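The CSCsb01043 monitoring workaround (this entry and the identical entry listed in the earlier section above) expressed as a check that can be run over captured show access-lists compiled output. This is an added example, not Cisco code: the layout of the output assumed here (used/capacity pairs following "L1:" and "L2:") and the 85 percent "approaching 90 percent" trigger are constructed assumptions; the table positions and the 16384, 32768, 10924 and 21846 limits are the ones the caveat text gives.

```python
import re
from dataclasses import dataclass

# Limits quoted in the CSCsb01043 caveat text.
L1_MAX = 16384          # an L1 table whose capacity exceeds this is already too large
L2_MAX = 32768          # same for the L2 table
L1_WARN_LOW = 10924     # L1 capacity in [L1_WARN_LOW, L1_MAX] grows too large on the next expansion
L2_WARN_LOW = 21846     # L2 capacity in [L2_WARN_LOW, L2_MAX] likewise
EXPANSION_RATIO = 0.90  # a table expands when used reaches 90 percent of capacity (from the caveat)
APPROACH_RATIO = 0.85   # assumption made here for "approaches 90 percent"; tune to taste

# Which tables carry the significant sizes, per the caveat: L1 tables 1 and 3, L2 table 1 (0-based here).
WATCHED = {"L1": (0, 2), "L2": (0,)}

PAIR_RE = re.compile(r"(\d+)/(\d+)")


@dataclass
class TableStatus:
    level: str      # "L1" or "L2"
    index: int      # 0-based position of the table on its line
    used: int       # number to the left of the slash
    capacity: int   # number to the right of the slash
    state: str      # "ok", "expansion-will-exceed", "clear-now" or "too-large"


def parse_tables(output):
    """Collect (used, capacity) pairs that follow 'L1:' and 'L2:' in the command output.

    Assumed layout (constructed for this example): each level is one line,
    e.g. ' L1: 1200/2048 64/128 11000/12288 5/64'.
    """
    tables = {"L1": [], "L2": []}
    for line in output.splitlines():
        for level in tables:
            marker = level + ":"
            if marker in line:
                after = line.split(marker, 1)[1]
                tables[level] = [(int(a), int(b)) for a, b in PAIR_RE.findall(after)]
    return tables


def classify(level, index, used, capacity):
    """Apply the caveat's decision rules to one table."""
    limit = L1_MAX if level == "L1" else L2_MAX
    warn_low = L1_WARN_LOW if level == "L1" else L2_WARN_LOW
    if capacity > limit:
        state = "too-large"                      # symptom may occur at any moment
    elif warn_low <= capacity <= limit:
        # The next expansion produces an oversized table; expansion fires at 90 percent fill,
        # so act once fill approaches that mark.
        state = "clear-now" if used >= APPROACH_RATIO * capacity else "expansion-will-exceed"
    else:
        state = "ok"
    return TableStatus(level, index, used, capacity, state)


def assess(output):
    """Return a TableStatus for each watched table present in the output."""
    tables = parse_tables(output)
    results = []
    for level, positions in WATCHED.items():
        for i in positions:
            if i < len(tables[level]):
                used, cap = tables[level][i]
                results.append(classify(level, i, used, cap))
    return results


def needs_action(statuses):
    return any(s.state in ("clear-now", "too-large") for s in statuses)


def recommended_commands(statuses):
    """The caveat's clear-and-recompile sequence, or nothing if no table is at risk."""
    if needs_action(statuses):
        return ["no access-list compiled", "access-list compiled"]
    return []


# Constructed sample outputs (not captured from a device).
SAMPLE_OUTPUT = """\
Compiled ACL statistics:
 L1: 1200/2048 64/128 11000/12288 5/64
 L2: 20000/32768 900/4096
"""

SAMPLE_TOO_LARGE = """\
Compiled ACL statistics:
 L1: 5/64 100/200 17000/32768 1/8
 L2: 900/4096
"""

if __name__ == "__main__":
    for name, sample in (("sample", SAMPLE_OUTPUT), ("too-large", SAMPLE_TOO_LARGE)):
        statuses = assess(sample)
        for s in statuses:
            print(f"{name}: {s.level} table {s.index + 1}: {s.used}/{s.capacity} -> {s.state}")
        print(f"{name}: commands: {recommended_commands(statuses) or 'none'}")
```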
•CSCsb09190
Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.
Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.
Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.
TCP/IP Host-Mode Services
•CSCeh54596
Symptoms: A router that is configured as an SSH client may hang.
Conditions: This symptom is observed when you attempt to make a connection to an SSH server by entering the ssh -l userid ip-addr command.
Workaround: There is no workaround.
Wide-Area Networking
•CSCeh11994
Symptoms: A reply of an LNS to a LAC may be delayed.
Conditions: This symptom is observed on a Cisco router that is configured as an LNS that has several tunnels to different LACs.
Workaround: There is no workaround.
•CSCeh48987
Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.
Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(15)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(15). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(15). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Access Server
•CSCeb41363
Symptoms: Handset calls may intermittently be reported with values in RADIUS accounting attribute 77, 197, and 255.
Conditions: This symptom is observed on a Cisco AS5800.
Workaround: There is no workaround.
Basic System Services
•CSCds33629
Symptoms: Closing an existing Telnet session may cause a router to crash.
Conditions: This symptom is platform-independent.
Workaround: There is no workaround.
•CSCed44414
Symptoms: When the slave RSP crashes, a QAERROR is observed in the master console, resulting in a cbus complex. The cbus complex will reload all the VIPs in the router.
Conditions: This symptom happens when the slave crashes in a period when there is a large number of packets going towards the RSP. A large number of packets go to the RSP when CEF switching is configured or when routing protocol updates are numerous.
Workaround: There is no workaround.
•CSCed71593
Symptoms: When the radius-server retransmit 1 command is enabled on a NAS, the number of retransmit counts for a transaction with MS-IAS is more than the expected value.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS interim Release 12.3(7.4).
Workaround: There is no workaround.
•CSCef84254
Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, OAM drops may occur, which may cause PVCs to go down.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have ATM PVCs that are configured for any type of ATM QoS (VBR-nrt, UBR, UBR+, and so on) and that have VCs that function at less than the line rate.
Workaround: Configure a VC (with any QoS type) to function at the line rate.
Possible Alternate Workaround: Remove the OAM configuration.
•CSCeg41120
Symptoms: The configuration of the snmp-server host command overrides an existing entry.
Conditions: This symptom is observed when the snmp-server host command is used in conjunction with port numbers. When you configure multiple host entries with the same host address but with different port numbers, the existing entries are overridden.
Workaround: Do not configure multiple host entries with the same host address but with different port numbers.
•CSCeg41734
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCeg52893
Symptoms: Several tty lines may become stuck in the "Carrier Dropped" modem state. You can verify this situation by entering the show line line-number EXEC command for an individual line. However, when you enter the show line EXEC command (that is, you do not enter a value for the line-number argument), the output shows that the same tty lines are active (that is, they are in the "*" state):
......
I 2/47 Digital modem - DialIn - - - 7 0 0/0 - Idle
I 2/48 Digital modem - DialIn - - - 7 0 0/0 - Idle
* 2/49 Digital modem - DialIn - - - 5 0 0/0 - Carrier Dropped
I 2/50 Digital modem - DialIn - - - 7 0 0/0 - Idle
I 2/51 Digital modem - DialIn - - - 13 0 0/0 - Idle
I 2/52 Digital modem - DialIn - - - 10 0 0/0 - Idle
......
In addition, both the output of the show users EXEC command and the output of the show caller EXEC command do not show a user or caller name or show an incorrect user or caller name. The output of the show caller EXEC command does show that the service is "TTY."
Conditions: These symptoms are observed on a Cisco AS5400 that is configured for modem dialin with PPP and EXEC connectivity and for login authentication via a TACACS+ server.
Workaround: To clear the stuck line, enter the clear port slot/port EXEC command.
•CSCeg64124
Symptoms: The operation result of an IP SLA jitter probe shows a high packet MIA that is equal to the jitter's number of packets minus one. In the responder router, the responder debug message shows many error packets.
Conditions: This symptom is observed when multiple jitter probes (either from the same router or from different routers) are configured to send packets to the same destination IP address and the same destination port number and when the responder is turned off for a short time and turned on again.
Workaround: To prevent the symptom from occurring, configure the jitter probe to use a unique destination port number.
Alternate Workaround: If the symptom has occurred, turn off the responder by entering the no rtr responder global configuration command, wait until all jitter probes report "No connection," and then turn on the responder by entering the rtr responder global configuration command.
•CSCeh04755
Symptoms: When you reload a router by entering the reload command, the router may unexpectedly enter the ROMmon mode and generate the following error message:
%SYS-5-RELOAD: Reload requested by console.
Reload Reason:Reload command.
monitor: command "boot" aborted due to user interrupt
rommon 1 >
Conditions: This symptom is observed only on a Cisco 7200 that is configured with an NPE-G1, and on a UBR7246VXR with a UBR-NPE-G1.
Workaround: Enter the confreg 0x2002 command.
•CSCsa53912
Symptoms: You cannot log on when a TACACS+ server is used for authentication. You get a message that authentication fails and you are asked again to enter your user name.
Conditions: This symptom is observed when you make a Telnet connection to a router that is configured for TACACS+ after you have entered your user name and your TACACS+ password.
Workaround: Configure the TACACS+ single connection option by entering the tacacs-server host host-name single-connection command.
IBM Connectivity
•CSCeg78046
Symptoms: A router that is configured for BSTUN and BIP may generate an "%ALIGN-3-SPURIOUS" memory access error message.
Conditions: This symptom is observed when you change the BSTUN BIP configuration on an interface that is processing traffic.
Workaround: Shut down the interface that is configured for BSTUN and BIP before you make any configuration changes.
•CSCeh18295
Symptoms: DLSw circuits do not connect.
Conditions: This symptom is observed when DLSw Ethernet redundancy is configured via the dlsw transparent switch-support command.
Workaround: Recycle DLSw on the master router.
Further Problem Description: The output of the show dlsw transparent cache command shows the NEGATIVE state for the circuits on the master router although no actual circuits exist on either the master router or the slave router.
•CSCsa45750
Symptoms: DLSw circuits are established over the same peer connection when there are multiple remote peer connections to the same remote MAC address.
Conditions: This symptom is observed when DLSw load-balancing is configured and when there are multiple peers that have the dlsw icanreach mac-address mac-addr command enabled with the same remote MAC address for the mac-addr argument.
Workaround: Bounce the DLSw peer connection either by entering the dlsw disable command or by removing and reconfiguring the DLSw remote peer statement.
Further Problem Description: You can verify that the symptom occurs when the output of the show dlsw reachability command does not show the remote peer with the MAC address displayed as UNCONFIRMED or FOUND.
Interfaces and Bridging
•CSCef01220
Symptoms: A Versatile Interface Processor (VIP) with a PA-MC-8TE1 port adapter may report its memory size as unknown even though the VIP appears to function normally, and Distributed Multicast Fast Switching (DMFS) may fail to function properly.
Conditions: This symptom is observed on a Cisco 7500 series when any of the following conditions are present:
–The mode of the controller of the PA-MC-8TE1 port adapter is not set to T1 or E1 and you insert or remove another VIP with any port adapter via an OIR.
–Irrespective of whether or not the mode of the controller of the PA-MC-8TE1 port adapter is set to T1 or E1, you insert or remove a standby RSP via an OIR.
Workaround: Enter the card type {t1 | e1} slot [bay] command on the PA-MC-8TE1+ port adapter and ensure that none of the controllers on this port adapter are shut down.
•CSCef23253
Symptoms: When you activate a serial interface on a PA-MC-8TE1+ port adapter that is installed in a VIP, dCEF may be disabled on the slot in which the PA is installed (in this example, in slot 3) and the following error message is generated:
%FIB-3-FIBDISABLE: Fatal error, slot 3: IPC Failure: timeout
The output of the show controller vip 3 logging command may time out, indicating problems with IPC.
The failure may cause additional error messages or may cause the VIP to reset, affecting all port adapters that are installed in the VIP.
Conditions: This symptom is observed on a Cisco 7500 series with a faulty PA-MC-8TE1+ port adapter that is installed in a VIP.
Workaround: There is no workaround. The fix for this caveat eases the detection of a faulty port adapter (see below).
Further Problem Description: The fix for this caveat will detect and shut down a faulty port adapter so that the VIP and the other port adapters in the VIP are not affected. The error message that is added by the fix is the following:
%VIP2 R5K-1-MSG: slot3 PA BAD - disabling the PA in bay 1
This message indicates that the PA-MC-8TE1+ in bay 1 is faulty and must be replaced.
•CSCeg17576
Symptoms: Traffic loss may occur when you enter the ip multicast-routing and ip pim commands on an Ethernet interface that is already configured for Xconnect.
Conditions: This symptom is observed only on a Cisco 7200 series and Cisco 7500 series.
Workaround: To enable Xconnect traffic to resume, unconfigure and reconfigure the Xconnect statement on the Ethernet interface.
•CSCeg73645
Symptoms: A Versatile Interface Processor 2-50 (VIP2-50) crashes because of a Cybus error with DMA receive errors.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1 and that is configured with a PA-2FE that is installed in a VIP2-50. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCeh10624
Symptoms: A Cisco 7206VXR may reload unexpectedly because of a bus error.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(10a) and that is configured with an NPE-G1 and a couple of PA-MC-8TE1+ port adapters. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCeh17935
Symptoms: When you perform an OIR of an ATM port adapter, tracebacks are generated.
Conditions: This symptom is observed on a Cisco 7200 series when the ATM port adapter is up and has a VC configured.
Workaround: There is no workaround.
•CSCeh43864
Symptoms: The line protocol on the POS interface of a PA-POS-OC3 port adapter flaps continuously.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(14.10) but may also occur in other releases.
Workaround: There is no workaround.
•CSCin67809
Symptoms: CEF, dCEF, and fast-switching counters are not accurate on outbound serial E1 or T1 interfaces.
Conditions: This symptom is observed on a Cisco 7200 series when CEF, dCEF, and fast-switching are enabled on a serial E1 or T1 interface.
Workaround: There is no workaround.
•CSCin86455
Symptoms: Auto-provisioning may be disabled on a Cisco 7200 series that is configured with a PA-A3 port adapter.
Conditions: This symptom is observed when a VC class that is configured for create on-demand is attached to the main ATM interface and then the create on-demand configuration is removed and re-applied to the VC class.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface of the PA-A3 port adapter.
•CSCin86673
Symptoms: A VC may become stuck and stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6 port adapter when there is a high traffic load and when the QoS class of the VC is changed.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that contains the affected VC.
•CSCsa46510
Symptoms: When you enter the microcode reload command, an error message similar to the following and a traceback may be generated:
RSP-3-RESTART: interface Serial3/0/1/4:0, not transmitting -Traceback= 404436B4 4044DE10
Conditions: This symptom is observed on a Cisco 7500 that is configured with an E1, T1, E3, or T3 port adapter.
Workaround: There is no workaround.
•CSCsa83897
Symptoms: A channelized T3 port adapter cannot detect C-bit errors and does not shut down after continuous C-bit errors.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a channelized T3 port adapter.
Workaround: There is no workaround.
•CSCsa83907
Symptoms: Layer-1 alarm handling does not meet the ANSI T1.231 standard on a PA-A3-T3 interface. The PA-A3-T3 port adapter does not provide a soaking time to declare and clear near-end failures such as LOS, LOF, and AIS. Also, PA-A3-T3 interfaces do not properly handle P-bit and C-bit errors and do not bring down the controller when the threshold is reached for such errors.
Conditions: These symptoms are observed on a Cisco 7200 series that is configured with a PA-A3-T3 port adapter.
Workaround: There is no workaround.
IP Routing Protocols
•CSCef60452
Symptoms: A router may stop receiving multicast traffic.
Conditions: This symptom is observed rarely during convergence when a router receives a Join message on an RPF interface and when a downstream router converges faster than the first router that receives the Join message.
In this situation, the router does not populate the RPF interface into the OIL (that is, the OIL remains null) because the old SP-tree has already been pruned by the downstream router. When the RPF interface of the router changes to the new path later, it does not trigger a Join message toward the multicast source until the router receives a next periodic Join message from the downstream router and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic Join message interval.
Workaround: There is no workaround.
•CSCef60659
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef85199
Symptom: The router can crash when there is a continuous flow of traffic and the entire mroute table is cleared via the clear ip mroute * command or by unconfiguring multicast.
Conditions: This symptom is observed during a test on a Cisco router with the Network Service Engine 100 (NSE-100) when there is a continuous flow of traffic and the entire mroute table is cleared via the clear ip mroute * command or by unconfiguring multicast. The crash was only seen on a Cisco router with the Network Service Engine 100 (NSE-100).
Workaround: There is no workaround.
•CSCef93215
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This symptom is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•CSCef95026
Symptoms: When interfaces flap, a Cisco router may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when OSPF accesses a freed LSDB entry.
Workaround: There is no workaround.
•CSCeg19442
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.
•CSCeg35811
Symptoms: A platform (that is, a switch or a router) may crash when you enter the ip routing command followed by the configure memory command and the no ip routing command multiple times. Multiple tracebacks may also be generated.
Conditions: The symptom is observed on a Cisco platform that functions as the master in a stacked environment and that is configured for OSPF. The symptom is more likely to occur when the platform functions under a heavy traffic load.
Workaround: Do not enter the ip routing command followed by the configure memory command and the no ip routing command multiple times.
•CSCeg52659
Symptoms: A Cisco 7200 series may not withdraw a BGP route from an iBGP peer.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(3) when the clear ip bgp neighbor-address soft out command is entered for one of the members of the peer group of which the Cisco 7200 series is a member and when some changes to the outbound policy are made to the same member of the peer group. This situation causes some prefixes to remain stuck in the other members of the peer group.
The symptom is a very old behavior of the BGP peer group functionality: when one member of a peer group is cleared via either a hard reset or a soft reset and a policy change causes some of the prefixes to be withdrawn, inconsistencies may occur in the routes on the other members of the peer group.
Workaround: For peer groups and neighbors that are members of a peer group, do not enter the BGP neighbor-specific clear ip bgp neighbor-address soft out command or the clear ip bgp neighbor-address command. Rather, enter the peer group-specific clear ip bgp peer-group-name soft out command or the clear ip bgp peer-group-name command.
•CSCeg52889
Symptoms: TE tunnels do not come up.
Conditions: This symptom is observed when a new loopback interface is created with an IP address on an MPLS TE head router that is configured with MPLS TE tunnels and when you reload the router. The symptom occurs because of a change in the router ID.
Workaround: Shut down the newly created loopback interface, save the configuration, and reload the router.
•CSCeg74205
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•CSCeh14015
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom is observed on EIGRP routes when you enter the shutdown command followed by the no shutdown command. The symptom may also affect other routing protocols.
Workaround: There is no workaround.
•CSCin84644
Symptoms: After a switchover, routes are removed from a neighbor.
Conditions: This symptom is observed when an EIGRP router is configured as a stub router and when a switchover occurs.
Workaround: Enter the clear ip eigrp neighbors command.
•CSCsa59600
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCuk54787
Symptoms: When a route map is configured, routes may not be filtered as you would expect them to be filtered.
Conditions: This symptom is observed on a Cisco router that is configured for BGP and that functions in an MPLS VPN environment.
Workaround: There is no workaround.
Further Problem Description: The symptom does not occur for redistributed route maps.
ISO CLNS
•CSCuk55515
Symptoms: Fifty percent of the packets that are destined for an IP-over-CLNS tunnel (CTunnel) are dropped by CEF.
Conditions: This symptom is observed when the router is configured for IPv4 CEF switching and when the next hop for the CEF-switched packets must be reached via the CTunnel.
Workaround: There is no workaround.
Miscellaneous
•CSCdv07156
Symptoms: A router that is configured with thousands of RIP routes may crash when multiple links flap.
Conditions: This symptom is observed on a Cisco router that is configured for RIP.
Workaround: There is no workaround.
•CSCdy88212
Symptoms: When you enter the no match ip address access-list-name... route-map configuration command on a line card, the command is not removed and remains active, preventing Policy Based Routing (PBR) from being updated.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2, 12.3, or 12.4.
Workaround: There is no workaround.
•CSCeb60397
Symptoms: A router crashes when you run the expValueCounter64Val object in the Expression MIB.
Conditions: This symptom is observed on a Cisco router when the expObjectSampleType object is set to delta (2) in the expValueCounter64Val object.
Workaround: There is no workaround.
•CSCed21063
Symptoms: On a headend of an MPLS TE tunnel, a tag may be changed to an implicit null label when a RESV message is received with a different label than the one that was previously programmed. On the midpoint of the MPLS TE tunnel, the label is deprogrammed altogether for several seconds (15 to 30 seconds), causing a label mismatch to occur between the headend and the midpoint and packets to be lost.
Conditions: This symptom is observed when a non-Cisco P router changes the label on a TE tunnel without issuing a tear message. This situation causes a Cisco router to receive a RESV message with a different label than the one that was previously programmed and causes the Cisco router to program an implicit null label for the IP address that is associated with the tunnel.
Workaround: To restore proper traffic flow, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected tunnel interface.
•CSCed66010
Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(5b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.
Workaround: There is no workaround.
•CSCed83616
Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.
Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module (MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.
However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.
Workaround: Do not enter the show standby or show standby brief command while configuration changes are being made.
•CSCee28332
Symptoms: MLP may fail or may be rejected on a PE router.
Conditions: The symptom is observed on a Cisco 7500 series that functions as a PE router after a connected CE router is reloaded with a different Cisco IOS software image than it ran before.
Workaround: Create a new multilink interface on the PE router or reload the VIP for the bundled physical interface on the PE router.
•CSCee54143
Symptoms: An E1 port on a PA-MC-8T1 port adapter may stay down after a VIP crash.
Conditions: This symptom is observed on a Cisco 7513 that is configured with a VIP in which a PA-MC-8T1 port adapter with a channelized E1 (or T1) port is installed in slot 0.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.
•CSCee63580
Symptoms: A Cisco router crashes with a software forced exception.
Conditions: This symptom is observed when a large number of PPPoA and/or PPPoE sessions with multiple SSG services are active at the same time.
Workaround: There is no workaround.
•CSCee69887
Symptoms: A dual SRP ring fails to become active completely due to an is-type mismatch. The output of the show clns neighbors command indicates that a certain system interface remains in the "Init" state indefinitely, although the output of the show ip interface brief command shows that this interface is up.
Conditions: This symptom is observed when a dual SRP ring is configured on three routers that run Cisco IOS Release 12.2S. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCef25686
Symptoms: A number of PVCs may become locked in an inactive state, and the following type of error message may appear in the log:
%ATM-3-FAILREMOVEVC: ATM failed to remove VC(VCD=X, VPI=X, VCI=X) on Interface ATM X/X/X, (Cause of the failure: PVC removal during recreation failed)
Conditions: This symptom is observed when you change the parameters of a VC class while the PVC is active and while you view the PVC status in the output of the show atm vc interface interface-number command.
The symptom occurs when you change the PVC speed in a VC class via one Telnet (or console) session and you enter the show atm vc interface interface-number command via another Telnet (or console) session.
Workaround: To remotely resolve the symptoms, remotely initiate an HA failover or remotely reload the affected router.
•CSCef28975
Symptoms: A router that functions as an H.323 gateway crashes.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when authentication is enabled.
Workaround: Enter the no memory lite command.
•CSCef30928
Symptom: A DHCP server does not add secure ARP entries for DHCP clients that send their initial DHCP request.
Conditions: This symptom is observed on a DHCP server that assigns IP addresses to DHCP requests that are received on an unnumbered interface.
Workaround: Use a shorter lease time. Subsequent renewals from the DHCP clients convert the client's ARP entries to secure ones.
•CSCef51328
Symptoms: A voice call fails when it rotates on a Cisco Multiservice IP-to-IP Gateway (IPIPGW).
Conditions: This symptom is observed when all of the following conditions are present:
–The OGW runs an image of Cisco IOS Release 12.3 such as Release 12.3(9a).
–Extended capabilities such as T.38 Fax are enabled on the OGW.
–The EmptyCapability feature is enabled on the IPIPGW.
–The voice call is rotated on the IPIPGW because the TGW does not answer.
Workaround: There is no workaround.
•CSCef59507
Symptoms: A failed LDP session may still show up in the output of the show mpls ldp neighbors command as well as the new working session after the neighborship is re-established. The display of two sessions, one not working and one working to the same neighbor, may mislead the MPLS network operator.
Conditions: This symptom may occur after an LDP session has gone down and then re-established.
Workaround: There is no workaround.
•CSCef68975
Symptoms: Context-based Access Control (CBAC) fails to pass H.245 packets through a router, and the following error message is generated:
Corrupted header, version number 3, reserved 7C, header size 101
Conditions: This symptom is observed on a Cisco router when the ip inspect command is configured for H.323 in a configuration in which one gateway runs H.323 version 2 and is connected via the router to another gateway that runs H.323 version 4.
Workaround: Ensure that all gateways run H.323 version 4.
•CSCef77013
Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.
•CSCef82962
Symptoms: A call treatment only plays a busy tone instead of the audio file that is configured in the call treatment.
Conditions: This symptom is observed when call treatment is configured on a router that functions as a Cisco CallManager Express (CME) and when the call threshold is met.
Workaround: There is no workaround.
•CSCef89947
Symptoms: When IPSec tunnels are functioning in SSO mode, and shortly after the tunnels are established, the console of the standby router repeatedly displays the "error coming back 000F" error message and IPsec SAs are not synchronized.
Conditions: This symptom is observed when you build 500 IPSec tunnels in SSO mode on a Cisco 7200 series.
Workaround: Do not configure the IPSec tunnels to function in SSO mode.
•CSCef97768
Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.
Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).
Workaround: There is no workaround.
•CSCeg03853
Symptoms: There is no dial tone when the isdn overlap-receiving command is enabled without DID.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8) or Release 12.3(8)T4 when the following conditions are present:
–The isdn overlap-receiving command is enabled on the BRI interface.
–DID is not enabled on the POTS dial peer.
–The called number and the calling number are not in the setup message.
Workaround: Remove the isdn overlap-receiving command from the BRI interface.
•CSCeg04922
Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.
Conditions: This symptom is observed when the following conditions are present:
–A policy map is applied to a VLAN interface.
–The policy map includes the set cos command.
Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.
•CSCeg05925
Symptoms: After you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on a VLAN interface, MPLS traffic is dropped.
Conditions: This symptom is observed only when MPLS static labels are configured. When an MPLS TFIB entry is created using MPLS static labels and when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the egress VLAN interface, the MPLS entry may be missing from the TFIB on the line cards or port adapters.
Workaround: Enter the clear ip route command for the affected prefix.
•CSCeg09158
Symptoms: When you place a call to an announcement server, the server plays two voice streams during the first few seconds of the call, causing you to hear a garbled voice sound.
Conditions: This symptom is observed only on a Cisco AS5xxx when two voice stream packets are mixed together. One voice stream consists of silence packets and the other of voice packets. After the voice stream with the silence packets has stopped after a few seconds, everything works fine.
Workaround: There is no workaround.
•CSCeg15065
Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.
Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.
Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.
•CSCeg15922
Symptoms: A DMVPN tunnel (mGRE) may not fully initialize at startup. When you enter the no shutdown command on the tunnel interface, the platform may crash with a "tunnel_protection_setup_socket" error.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2SX but may also occur in Release 12.3 or Release 12.3T.
Workaround: Create a point-to-point GRE tunnel on the spokes (instead of via mGRE) and an mGRE tunnel on the hub. Note that you need an NHRP Next Hop Server (NHS) configuration in order for the hub to learn the spokes.
Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel interface in order for the tunnel to come up. However, after you have implemented the Alternate Workaround, the crash may still occur.
Further Problem Description: The crash occurs only on a spoke router or spoke switch, not on a hub router or hub switch. Furthermore, the crash is only observed on a Cisco Catalyst 6000 series and a Cisco 7600 series and may occur with any DMVPN configuration that uses mGRE tunnels.
•CSCeg16631
Symptoms: When you enter the distribute-list interface command in a global RIP routing context and the interface that is specified in the command is a VRF interface, the command is rejected with the following error message:
% The interface is not in the same VRF as the process
Because the distribute-list interface command is not implemented in the IPv4 VRF address-family, there is no other way to filter networks received in updates via a VRF interface.
Conditions: This symptom is observed in all Cisco IOS releases that integrate the fix for CSCee32557. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32557. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: In the configuration mentioned above, to filter networks received in updates, enter the distribute-list extended-ACL-reference command in which the "source part" of the extended ACL specifies the prefixes and the "destination part" matches on the IP address of the RIP neighbor.
•CSCeg21547
Symptoms: A Cisco RPM-PR may reload unexpectedly because of memory corruption.
Conditions: This symptom is observed on a Cisco RPM-PR that is configured for Internet Protocol Header Compression (IPHC).
Workaround: There is no workaround.
•CSCeg26669
Symptoms: Pre-emption of a low-priority voice call does not occur when a higher-priority voice call is placed using an MLP prefix string.
Conditions: This symptom is observed when voice calls are placed through a T1 CAS connection.
Workaround: There is no workaround.
•CSCeg28064
Symptoms: Priority packets are dropped when a VIP is reset because of an OIR, microcode reload, or CBUS complex reset.
Conditions: The symptom is observed only on a multilink interface that has both input and output service policies enabled when the input policy is configured for policing or when the input policy is removed from the multilink interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface, or remove and re-attach the output policy.
•CSCeg31293
Symptoms: Interfaces change to the down/down state and are unable to pass traffic because interprocess communications (IPC) fails between a line card and the RP.
Conditions: This symptom is observed when a line card of a Cisco 10000 series is removed and inserted via an OIR.
Workaround: There is no workaround.
•CSCeg31430
Symptoms: A memory leak may occur on a distributed-switching router such as a Cisco 7500 series or Cisco 7600 series that has class-based policing configured.
Conditions: This symptom is observed when the router is configured with a multiple-action policer as in the following example:
Router#sh run | b <name>
policy-map <name>
class <classname>
bandwidth 50
random-detect
random-detect exponential-weighting-constant 3
random-detect precedence 0 3 9 1
random-detect precedence 7 3 11 1
police cir 50000 bc 8000 pir 119000 be 16000
conform-action transmit
exceed-action transmit
exceed-action set-prec-transmit 0
violate-action drop
queue-limit 22
Workaround: To stop the memory leak, delete one of the exceed statements.
•CSCeg35786
Symptoms: 20 percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.
Workaround: There is no workaround.
•CSCeg38482
Symptoms: AutoRP packets are dropped because of an RPF failure.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when both the Candidate RP and Mapping Agent (MA) are configured in a VRF context and when the interface is not specified in the ip pim vrf vrf-name send-rp-discovery interface-type interface-number command. This situation may cause the MDT update source address (an address that belongs to the global table) for the MVPN to be chosen and, in turn, the AutoRP flow to be created in the downstream route with a global address as the source.
Workaround: Configure the interface that has the highest IP address in the VPN as the Candidate RP and MA.
Alternate Workaround: Configure the interface that is defined in the Candidate RP as the interface in the ip pim vrf vrf-name send-rp-discovery interface-type interface-number command.
•CSCeg47213
Symptoms: A router may crash when a PPPoA subinterface is removed.
Conditions: This symptom is observed when many PPPoA sessions are in transition.
Workaround: Shut down the subinterface, clear all the PPPoA sessions, verify that all the sessions are cleared, and then remove the subinterface.
•CSCeg51793
Symptoms: When you delete an IP VRF by entering the no ip vrf vrf-name command and you attempt to reconfigure the IP VRF before it is completely deleted, an address error exception may occur.
Conditions: This symptom is observed on a Cisco platform that is configured for MVPN.
Workaround: Wait until the IP VRF is completely deleted: enter the show ip vrf command to verify that the IP VRF is deleted before you reconfigure it.
•CSCeg53483
Symptoms: When you enter the show running-config command, a traceback may be generated because of a CPU hog condition.
Conditions: This symptom is observed when a large number of class maps (2500) is configured.
Workaround: There is no workaround.
•CSCeg53889
Symptoms: The HTTP client does not check the file size limit for streaming files before caching them.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(9a), that functions as a voice gateway and voice browser in an Internet Service Node (ISN) solution, and that is configured for VXML.
Workaround: There is no workaround.
•CSCeg55584
Symptoms: A Cisco router that is configured for PPPoE may stop forwarding packets that need to be fragmented.
Conditions: This symptom is observed after a link flap occurs on the dialer interface or after you enter the clear interface command on the dialer interface.
To restore forwarding of the affected packets, enter the no ip cef command followed by the ip cef command.
Possible Workaround: Enter the ip tcp adjust-mss 1400 command to force the maximum segment size (MSS) of the TCP SYN packets to be small enough to prevent the router from fragmenting the packets.
•CSCeg57594
Symptoms: Distributed cRTP does not function with a PA-MC8TE1+ port adapter.
Conditions: This symptom is observed on Cisco 7500 series that has a PA-MC8TE1+ port adapter installed that is configured for Frame Relay encapsulation.
Workaround: Use process-switching if scalability permits.
•CSCeg59923
Symptoms: The following error message is generated during a voice stress test:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCeg61586
Symptoms: A router may reload when PPPoA sessions are being established or torn down.
Conditions: This symptom is observed when the configuration of the ATM interface over which the sessions are received is altered.
Workaround: There is no workaround.
•CSCeg62088
Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.
Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).
Workaround: There is no workaround.
•CSCeg63430
Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.
Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:
Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI-- PSTN--Transferee
Workaround: Enable MTP or the Cisco CallManager.
Further Problem Description: Although the symptom is not observed in Cisco IOS Release 12.3, the fix is included in Cisco IOS Release 12.3 as a precaution.
•CSCeg66282
Symptoms: The controller of a 1-port multichannel STM-1 port adapter (PA-MC-STM1) does not come up after the router has reloaded.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(28)S2. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCeg66913
Symptoms: A router may crash during a modem firmware upgrade.
Conditions: This symptom is observed when modem calls are still up and when modem debugging is enabled.
Workaround: Disable all debugs.
•CSCeg67788
Symptoms: The 5-minute output rate in the output of the show interfaces command is incorrect for serial interfaces that are configured on a PA-MC-8TE1+ port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2S or Release 12.3 and that is configured with a PA-MC-8TE1+ port adapter.
Workaround: There is no workaround.
•CSCeg73146
Symptoms: The input gain voice-port configuration command does not adjust the input gain level and the output attenuation voice-port configuration command does not adjust the output attenuation level.
Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.
Workaround: There is no workaround.
•CSCeg76294
Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.
Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.
Workaround: There is no workaround.
•CSCeg76309
Symptoms: A Cisco router that is configured for Cisco CallManager Express (CME) crashes intermittently during a period of two to three weeks with a "TclEvalByteCodeFromObj" SegV exception.
Conditions: This symptom is observed under normal operation when the router functions without a high CPU load.
Workaround: There is no workaround.
•CSCeg78458
Symptoms: A Cisco 836 or Cisco 837 may reload because of a software-forced crash when you request a reload with an XML file via CNS.
Conditions: This symptom is observed with a CNS Configuration Engine version 1.4 that runs on an IE2115 server. The routers run Cisco IOS Release 12.3(8)YG. The symptom could also occur in Release 12.3.
Possible Workaround: Enter the scheduler max-task-time 50000 command.
•CSCeg78674
Symptoms: When you download a Cisco IOS image from CNS via an XML file to a Cisco 836 or Cisco 837, meaningless characters are generated on the router console and an invalid memory action with an associated traceback is generated on the CNS event bus.
Conditions: This symptom is observed with a CNS Configuration Engine version 1.4 that runs on an IE2115 server. The routers run Cisco IOS Release 12.3(8)YG. The symptom could also occur in Release 12.3.
Workaround: Enter the no logging cns-events command on the router. The logging cns-events command is enabled by default.
•CSCeg79821
Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.
Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).
Workaround: There is no workaround.
•CSCeg80842
Symptoms: The output of serial interfaces on a PA-MC-8TE1 may become stuck after several days of proper operation.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(10a) and that has MLP configured on the serial interfaces of the PA-MC-8TE1.
Temporary Workaround: Perform an OIR of the PA-MC-8TE1 or reload the router until the symptom occurs again.
Further Problem Description: The symptom occurs during normal operation of the router. If many errors occur on the link, the symptom is more likely to occur.
•CSCeg82614
Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.
Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.
Workaround: There is no workaround.
•CSCeg84558
Symptoms: A Cisco 3745 reloads because of a bus error. Just before the crash, the following error messages are generated:
%SYS-3-BAD_RESET: Questionable reset of process 149 on tty123
%SYS-3-HARIKARI: Process Exec top-level routine exited
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(26) or Release 12.3(12) and that has an NM-2CE1T1-PRI network module that is configured for ISDN dial-in.
Workaround: There is no workaround.
•CSCeg86187
Symptoms: The ip mroute-cache distributed interface configuration command is not retained after you reload a router.
Conditions: This symptom is observed on a Cisco 7500 series on interim images.
Workaround: After the router has reloaded, reconfigure the ip mroute-cache distributed interface configuration command on each affected interface.
•CSCeg89043
Symptoms: A Cisco gateway may reload unexpectedly because of a SegV exception at address PC 0x80FF6340.
Conditions: This symptom is observed when the gateway is configured for VoIP and fallback to an SNMP trap.
Workaround: There is no workaround.
•CSCeg90033
Symptoms: When eBGP multi-hop is configured between a PE router and a CE router and when static VRF routes are configured on the PE router to reach the CE router, the routes that are learned through the eBGP session are not populated in the LFIB table, causing packets that come from remote PE routers to be dropped.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXD but could also occur in Release 12.3 or Release 12.4.
Workaround: There is no workaround.
•CSCeh01182
Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.
Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.
Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.
Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.
•CSCeh06581
Symptoms: A VAM2 fails to come up and generates the following error message:
MIPS not ready to send response (0xC0000000) after mbox_pass.
Conditions: This symptom is observed only on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.3, 12.T, or 12.4.
Workaround: There is no workaround. Note that the symptom does not occur with other images such as the c7200-jk9o3s-mz image or the c7200-ik9s-mz image.
•CSCeh06778
Symptoms: If a default route is redistributed from RIP into BGP, then back into RIP on another router, the default route is not marked as poisoned or withdrawn on the CE router that receives the updates.
Conditions: This symptom is observed when a CE router sends the default route via RIP to a PE router, when the PE router advertises this route to a second CE router, and when the link between the first CE router and the PE router is disconnected.
Workaround: There is no workaround.
•CSCeh08415
Symptoms: The output of the show environment command shows "No answer from mbus agent" for both power entry modules (PEMFs) of a Cisco AS5850.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.2(15)ZK6 but may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCeh16887
Symptoms: The unchannelized mode on a PA-MC-2T3+ port adapter does not function. The line protocol of an unchannelized interface remains down.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-2T3+ port adapter after you have entered the no channelized command.
Workaround: There is no workaround.
•CSCeh21613
Symptoms: When multicast is configured as part of a dial-peer configuration and you enter the shutdown command quickly followed by the no shutdown command on a voice port that is part of the dial-peer configuration, the router may generate tracebacks and may crash.
Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11)T4.
Workaround: There is no workaround.
•CSCeh23047
Symptoms: After a manual SSO switchover, traffic in the tag switching-to-IP switching direction between an egress 1-port 10-Gigabit Ethernet Engine 4+ line card and an ingress 4-port Gigabit Ethernet ISE line card does not recover.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(31)S.
Workaround: Reload microcode onto the 4-port Gigabit Ethernet ISE line card.
•CSCeh24075
Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.
Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.
•CSCeh25459
Symptoms: A call fails when the codec is changed from G.729 to G.711ulaw during the call.
Conditions: This symptom is observed when fax pass-through is configured and when the following events occur:
–The initial codec for the call is negotiated as G.729.
–A reinvite message with a codec change to G.711ulaw is sent to the gateway.
–The gateway accepts the change with a 200 OK message but continues to send the call with codec G.729 in the RTP stream.
Workaround: Remove the fax pass-through configuration.
•CSCeh27734
Symptoms: For recursive routes with implicit null as the local label, the FIB may point to the rewrite of the parent prefix. However, this situation may not affect any functionality.
Conditions: This symptom is observed on a router that is configured for MPLS forwarding.
Workaround: Change the affected prefix to be non-recursive.
•CSCeh27783
Symptoms: A router crashes after you have manually configured 237 IPv6 tunnels.
Conditions: This symptom is observed on a Cisco platform that is configured for IPv6 when there are more than eight paths for one IPv6 prefix. The symptom is platform-independent and not release-specific.
Workaround: There is no workaround.
•CSCeh30146
Symptoms: A WIC-1DSU-T1-V2 WAN interface card may become stuck and may not detect any alarms or loopback events but may still be able to pass traffic.
Conditions: This symptom is platform-independent.
Workaround: Enter the clear service-module serial slot|port command.
•CSCeh30975
Symptoms: The FXSLS voice port is stuck in an on-hook state, and the digital signal processor (DSP) is not released.
Conditions: This symptom occurs when the FXSLS user stays off-hook at the end of the call after Cisco IOS software sends a Howler tone to the FXSLS port.
Workaround: There is no workaround.
•CSCeh31306
Symptoms: A Cisco MGX RPM-PR does not boot up.
Conditions: This symptom is observed when the Cisco MGX RPM-PR does not receive the boot acknowledgement from the PXM.
Workaround: There is no workaround.
•CSCeh33913
Symptoms: NAT-PT stops working after a router is reloaded.
Conditions: This symptom is observed on a Cisco router that has a "v6v4" static NAT configuration when NAT-PT fails to install ARP entries because the router is not yet fully initialized.
Workaround: Remove and then reconfigure the mapping.
•CSCeh39561
Symptoms: A fax call may be stuck in the RINGING, ACTIVE, or FXSLS_WAIT_RELEASE_REQ state.
Conditions: This symptom is observed on a Cisco router that is configured for VoIP and fax relay during a test that includes call waiting.
Workaround: There is no workaround.
•CSCeh40183
Symptoms: A router reloads unexpectedly when the show policy interface EXEC command is entered.
Conditions: This symptom is observed on a Cisco router when two users are connected to the router and simultaneously enter the show policy interface EXEC command.
Workaround: Ensure that only one user at a time enters the command.
•CSCeh54615
Symptoms: LSPs that support AToM circuits may fail to come up.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fix for DDTS ID CSCeg74562. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeg74562. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCeh56312
Symptoms: Packets are not shaped when traffic shaping is configured on a tunnel interface.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(27)SBA but may also occur in other releases.
Workaround: Configure class-based shaping. If this is not an option, there is no workaround.
•CSCeh57695
Symptoms: A PE router that is configured for MPLS VPN--Carrier Supporting Carrier drops decapsulation traffic in the direction of a CE router. Encapsulation traffic works fine and is not affected.
Conditions: This symptom is observed when MPLS VPN--Carrier Supporting Carrier is configured with Label Distribution Protocol (LDP) as the protocol between the PE router and a CE router. In some circumstances such as a BGP peer flap or a route flap, LDP may free the local label that is allocated by BGP while BGP still uses the label. The same label may be allocated later for a different prefix, causing multiple prefixes to use the same local label, and, in turn, causing connectivity for the affected prefixes to fail.
Workaround: There is no workaround.
•CSCin67253
Symptoms: A Cisco 7500 series may stop forwarding traffic via an Any Transport over Multiprotocol Label Switching (AToM) virtual circuit (VC) that is configured on an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+).
Conditions: This symptom is observed on a Cisco 7500 series that has a PA-MC-8TE1+ that is configured for Frame Relay over Multiprotocol Label Switching (FRoMPLS) or Frame Relay/ATM/Ethernet interworking when you perform an online insertion and removal (OIR) of the Versatile Interface Processor (VIP) in which the PA-MC-8TE1+ is installed.
Workaround: Remove and reconfigure the affected AToM VC.
•CSCin67741
Symptoms: A Route Processor (RP) crashes when encapsulation is removed by entering the no encapsulation command.
Conditions: This symptom is observed on a multilink interface that is configured for DLFI and that processes traffic.
Workaround: There is no workaround.
•CSCin68688
Symptoms: A Cisco 7200 series may reload unexpectedly when you perform an OIR of a PA-8T-V.35 serial port adapter. The tracebacks point to the mxt_periodic_processing routine.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that processes a high load of AToM bidirectional traffic.
Workaround: Shut down the serial interface before you perform the OIR.
•CSCin82862
Symptoms: Multicast traffic is not switched from a multilink interface on a Cisco 7500 series that is configured for distributed multilink PPP (MLP).
Conditions: This symptom is observed when the router is reloaded or when the multilink interface flaps.
Workaround: Enter the clear ip mds linecard * command on the Route/Switch Processor (RSP).
•CSCin83445
Symptoms: Incoming multicast traffic on a distributed MLP link is process-switched.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed MLP after the router has been reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•CSCin85529
Symptoms: SSG crashes and generates tracebacks when you attempt to bring up a PPPoE session.
Conditions: This symptom is observed on a SSG platform that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when PPPoE is configured on the SSG platform and on the client.
Workaround: There is no workaround.
•CSCin86246
Symptoms: Backup calls are not initiated after you reload the router.
Conditions: This symptom is observed on a Cisco 2800 series that is configured for QoS. When the dialer interface is a designated backup interface and you reload the router, the dialer interface does not enter the backup mode even though the primary interface is down.
Workaround: After you have reloaded the router, enter the shutdown command followed by the no shutdown command on the dialer interface.
•CSCin86923
Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.
Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.
Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.
•CSCin86954
Symptoms: A spurious memory access is generated after you have entered the show running-config command.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(13) when a range of PVCs is configured on an interface or subinterface.
Workaround: There is no workaround.
•CSCin87776
Symptoms: Multilink bundles on a Cisco 7500 series may process-switch traffic instead of using dCEF, causing the CPU usage of the RSP to increase sharply and a CPU hog condition to occur.
Conditions: This symptom is observed when an RPR+ switchover occurs on a Cisco 7500 series that is configured for HA. (The switchover causes an MLP link to flap.) However, the symptom may also occur on a Cisco 7500 series that has a single RP (so, without a switchover) when an MLP link flaps.
Workaround: There is no workaround. Note that the symptom does not occur when SSO is configured because the MLP state is maintained.
•CSCin88077
Symptoms: An active SP becomes stuck with an "slcp process" error when you enter the test crash command on the active RP.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series that is configured with an ATA file system but is not platform-specific. The symptom occurs because of an error in the ATA file system.
Workaround: There is no workaround.
•CSCin88303
Symptoms: The line protocol of unchannelized interfaces on a PA-MC-2T3+ port adapter remains down although the link is up.
Conditions: This symptom is observed when you change from the channelized mode to the unchannelized mode by entering the no channelized command on the T3 controller of the PA-MC-2T3+ port adapter.
Workaround: There is no workaround.
•CSCin90300
Symptoms: Controllers do not come up after you have manually configured the card type for a PA-VXC-2TE1+ port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.4(0.6) but may also occur in Release 12.3.
Workaround: Reload the router to enable the controllers to come up.
•CSCin91677
Symptoms: The Unavailable Seconds (UAS) that are displayed in the output of the show controllers serial slot/port command are incorrect. The display of the UAS starts only after 20 contiguous severely errored seconds (SES) instead of after 10 contiguous SES.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-T3+ port adapter.
Workaround: There is no workaround.
•CSCsa43439
Symptoms: File transfers fail when you attempt to mount an NFS share from a Linux server that runs the Cisco VPN client to connect to a Cisco IOS device and when the NFS client workstation also uses the same Cisco VPN client to connect to the Cisco IOS device.
Conditions: This symptom is observed when the Cisco VPN client runs software release 4.6.0.45 and when the Cisco IOS device runs Cisco IOS Release 12.3(11)T. The symptom occurs only when both ends of the NFS connection (that is, the client and the server) use the same Cisco VPN client.
Workaround: Move the NFS server to a connection that does not require the use of the Cisco VPN client.
•CSCsa44556
Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.
Workaround: Reload the gatekeeper after you have made the configuration changes.
•CSCsa44716
Symptoms: A router that is configured for URL filter may unexpectedly reload because of a bus error.
Conditions: This symptom is observed on a Cisco router that has the Cisco IOS Firewall feature enabled.
Workaround: There is no workaround.
•CSCsa46758
Symptoms: A router that initiates a rekey uses incorrect proxy identities, causing a VPN client to reject the proxy identities and to disconnect. The log of the VPN client displays the following error message:
Invalid Proxies for requested QM negotiation: LocalProxy : ID=172.16.1.2 Protocol=0 port=0, RemoteProxy : ID=10.48.67.66/0.0.0.0 Protocol=0 port=0 : (PLMgrID:367)
Failed to process ID payload (MsgHandler:681)
Failed to process QM Msg 1 (NavigatorQM:386)
Unexpected SW error occurred while processing Quick Mode negotiator: (Navigator:2202)
Discarding IPsec SA negotiation, MsgID=F821A02A
Conditions: This symptom is observed when a VPN Client is connected to a Cisco router that runs Cisco IOS Release 12.3, when the VPN client sends a policy that includes the ip host address command to the router, and when IPSec on the router unexpectedly changes the ACL address in the policy of the VPN client.
Workaround: There is no workaround. Note that the symptom does not occur in Cisco IOS Release 12.3T.
•CSCsa48364
Symptoms: An ATM interface of a PA-A3 ATM port adapter may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and connectivity may stop entirely.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.
•CSCsa50971
Symptoms: A Cisco platform may unexpectedly reload while attempting to resequence an access list.
Conditions: This symptom is observed when you delete a few ACEs and then immediately enter the ip access-list resequence access-list-name starting-sequence-number increment command.
Workaround: There is no workaround.
•CSCsa53006
Symptoms: A 3-port Gigabit Ethernet port adapter (EPA-GE/FE-BBRD) may crash with a redzone memory corruption that is related to the "tagsw_start_stats_process", and messages similar to the following may be generated:
%SYS-3-OVERRUN: Block overrun at 463BD398 (red zone 000010DF)
%SYS-6-BLKINFO: Corrupted redzone blk 463BD398, words 10204, alloc 40ECCDA4, InUse, dealloc 0, rfcnt 2
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S or a later release and that is configured for MPLS forwarding.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat is integrated in Cisco IOS software releases that do not support the Cisco 12000 series because the fix relates to the Tag Forwarding Information Base (TFIB) that is also used in other platforms.
•CSCsa53685
Symptoms: Incorrect VC12 defect information may be generated on a Cisco 7500 series that is configured with a PA-MC-STM-1.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(28)S1.
Workaround: There is no workaround.
•CSCsa53698
Symptoms: Fax pass-through may fail.
Conditions: This symptom is observed on a gateway that is configured for fax pass-through, or for T.38 with fax pass-through as the fallback method, when, after an initial call is established, the gateway detects a fax tone and sends a re-Invite message with a new SDP message requesting to switch to fax pass-through. However, the "o" line in the new SDP message has the same version ID as the "o" line in the initial SDP request that was sent by the gateway. If the originating gateway does not indicate that it disabled silence suppression with a "silenceSuppression=off" attribute in its SDP answer, fax pass-through fails.
Workaround: There is no workaround.
•CSCsa54608
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
•CSCsa55048
Symptoms: The content of the CEF table may be incorrect, causing less than optimal traffic conditions.
Conditions: This symptom is observed when a static route is configured in one VRF and exported with an export map into another VRF and when this static route is added on two separate PE routers.
Workaround: Do not configure the static route on both PE routers. If this is not an option, there is no workaround.
•CSCsa55375
Symptoms: A high error rate may occur on a WIC-1DSU-T1-V2. Because of the large number of errors, the interface of the WIC-1DSU-T1-V2 may not come up.
Conditions: These symptoms are observed on a WIC-1DSU-T1-V2 that is installed in a Cisco router.
Possible Workaround: The symptoms may clear when you replace the in-house cabling with Category 5 cables.
•CSCsa65096
Symptoms: A router may crash during the boot process when the startup configuration includes the hw-module shutdown command.
Conditions: This symptom is observed on a Cisco 10000 series but is platform-independent. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa51602. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCsa65360
Symptoms: During a high bit error rate (BER) condition, the controller of a PA-MC-8TE1+ port adapter remains up, which is not in compliance with the E1 and T1 standard.
Conditions: This symptom is observed when BER data is injected into an E1 or T1 port of a PA-MC-8TE1+ port adapter. The state of the controller does not change to DOWN after 10 seconds of a continuous severely errored seconds (SES) condition.
Workaround: There is no workaround.
•CSCsa68001
Symptoms: All incoming packets on a Frame Relay Link have the DE bit set.
Conditions: This symptom is observed on a Cisco 2811 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 under normal traffic conditions.
Workaround: There is no workaround. Note that the symptom does not occur on a Cisco 1760 that runs Release 12.3(10).
•CSCsa68978
Symptoms: Memory allocation (malloc) failures may occur on a Cisco router that functions as a gatekeeper and that runs an H.323 stack.
Conditions: This symptom is observed on the gatekeeper when gateways attempt to register a list of terminal aliases that consists of user names and H.323 IDs with the gatekeeper. The gatekeeper attempts to authenticate each terminal alias by allocating memory and sending an authentication request to the AAA server for each entry. Because the gatekeeper does not free the allocated memory when it receives a response from the AAA server, a memory allocation failure occurs eventually.
Workaround: There is no workaround.
•CSCsa69464
Symptoms: The cns inventory command does not function.
Conditions: This symptom is observed on a Cisco 1700 series that runs a reformation image.
Workaround: There is no workaround. Note that the command does function in regular Cisco IOS software images for the Cisco 1700 series.
•CSCsa78779
Symptoms: A memory leak may occur in the processor memory pool of a router that runs encrypted traffic with an SA-VAM2.
Conditions: This symptom is observed when the SA-VAM2 encrypts traffic and when underlying "no buffer" conditions exist in the I/O particle pools for the encrypted packets.
Workaround: There is no workaround.
•CSCsa78821
Symptoms: A Cisco 3725 may fail to process packets that enter through an interface of an NM-1T3/E3 network module in a timely manner. These packets may be dropped because of overruns and a poor performance of the interface.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.2T or Release 12.3.
Workaround: There is no workaround.
•CSCsa79580
Symptoms: A Cisco AS5300 that is configured with a call switching module (CSM) may generate tracebacks that are related to a B-channel IDB. This situation may cause 64-kbps digital calls to be answered by modems instead of via High-Level Data Link Control (HDLC).
Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•CSCuk52814
Symptoms: A Cisco AS5400 does not complete a circuit-switched 64k-bit/s ISDN unrestricted data call over a VoIP dial peer. The call fails with release cause code 44 (requested circuit/channel unavailable).
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.2 or Release 12.3(3g).
Workaround: There is no workaround.
•CSCuk56024
Symptoms: 6PE traffic is dropped on a PE router.
Conditions: This symptom is observed when an IPv6 prefix is first learned by an OSPF IGP on a 6PE router but then no longer received by OSPF but iBGP on the 6PE router. The label information is properly updated in the RIB but not in the FIB.
Workaround: Clear the route to restore proper forwarding.
•CSCuk56412
Symptoms: An ATM interface of a PA-A3 ATM port adapter may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and the connectivity may stop entirely.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.
TCP/IP Host-Mode Services
•CSCea75793
Symptoms: A Cisco IOS firewall may generate the following error message and traceback when it tries to establish a TCP connection with a configured third-party URL filter server that is not up:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 6336E140, time 0x16A38 (00:00:00 ago).
-Process= "URL filter proc", ipl= 4, pid= 82
-Traceback= 604161CC 60416640 604ED958 604EDC08 604F127C 60591EC8 60597854 60F7E930 60F7F430 60F7E02C 60F7E388
Conditions: This symptom is observed when the URL filtering feature of the Cisco IOS firewall uses socket APIs to communicate with the third-party filter server. When the filter server is down, an attempt by the Cisco IOS firewall to establish a TCP connection fails and causes the SCHED-3-STUCKMTMR traceback message to be displayed on the router console.
Workaround: Disable the third-party vendor filter server by entering the no ip urlfilter server vendor ip-address global configuration command.
•CSCsa62111
Symptoms: A Cisco 7200 series router may see packets stuck in the input queue.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(12.10) with an NPE-G1.
Workaround: Reload the router to clear the input queue, or increase the input queue beyond the default limit of 75 by using the hold-queue length command.
Wide-Area Networking
•CSCea30197
Symptoms: When the keep-exchanges argument in the frame-relay lmi-n391dte keep-exchanges command has a value that is lower than 3, Frame Relay Autosensing does not function.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series but may be platform-independent.
Workaround: Ensure that the value of the keep-exchanges argument is not lower than 3.
•CSCea75722
Symptoms: A Cisco IOS voice gateway may fail to receive a call from the public switched telephone network (PSTN) on its PRI port.
Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.2(13)T3 or Release 12.3 and that functions as a voice gateway when it does not send a Q.931 Call Proceeding message upon receiving the call.
Workaround: There is no workaround.
•CSCed50276
Symptoms: When a PRI is configured for PPP Multilink and has a dialer profile, packets that travel over the link become wedged.
Conditions: This symptom is observed on a Cisco 2600 series that runs the c2600-is-mz image of Cisco IOS Release 12.2(16). The symptom may also occur in Release 12.3. Disabling Cisco Discovery Protocol (CDP), weighted fair queuing (WFQ), or both does not prevent the symptom from occurring. When you reload the router, the symptom does not occur for months.
Workaround: Disable PPP Multilink.
•CSCee75882
Symptoms: A GEIP+ that is installed in VIP may crash.
Conditions: This symptom is observed on a Cisco 7500 series when the Gigabit Ethernet interface or the interface of its neighbor flaps.
Workaround: Stabilize the flapping interface.
•CSCef58201
Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.
Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.
Workaround: Configure a static host entry for the neighbor in the routing table, pointing to the Dialer interface:
ip route prefix mask 255.255.255.255 Dialer1
For the prefix mask argument, enter the IP address of the neighbor.
•CSCef78529
Symptoms: A Cisco 7500 series may crash when you add or remove PPP encapsulation to or from a serial interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(11.4) when dLFIoATM and dLFI over Leased Line are configured on the same VIP.
Workaround: There is no workaround.
•CSCeg15248
Symptoms: Uninteresting traffic is blocked even after the link is up.
Conditions: This symptom is observed only on an interface that is configured for dialer DTR.
Workaround: There is no workaround.
•CSCeg22533
Symptoms: A signal-only call fails when an INVALID message is generated because a B-channel IDB is not found.
Conditions: This symptom is observed when ISDN PRI QSIG Voice Signaling is configured.
Workaround: There is no workaround.
•CSCeg43033
Symptoms: A Cisco 7200 series periodically shows incorrect adjacencies for the loopback address. The output of the show ip cef events ip-prefix command shows the following:
<ip-prefix>/32, version 8177, epoch 0, attached, connected
0 packets, 0 bytes
tag information set
local tag: implicit-null
via Loopback0, 0 dependencies
valid discard adjacency
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured for PPP and CEF. However, the symptom may be platform-independent.
Workaround: There is no workaround.
•CSCeg67829
Symptoms: A Cisco 7500 series may crash when you enter the microcode reload command.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM, dLFIoFR, and dLFI over leased line and that has the scheduler heapcheck process memory processor command enabled.
Workaround: There is no workaround.
•CSCeg88174
Symptoms: Drops occur in a class in which the throughput does not oversubscribe the allocated bandwidth for the class.
Conditions: This symptom is observed when multilink Frame Relay is configured along with generic traffic shaping or Frame Relay traffic shaping and when several class maps are configured.
When one class map starts dropping packets because the throughput is greater than the allocated bandwidth (which is normal behavior), drops may also occur in another class map even though this class map is not oversubscribed. The root cause of this symptom is that the bundle is oversubscribed and tx rings are building up, causing excessive misordering that the receiver cannot handle.
Workaround: Configure a fancy queue on the bundle interface through which the traffic is sent.
•CSCeg88737
Symptoms: A Cisco 7200 series may crash because of memory corruption.
Conditions: This symptom is observed when the router has an input QoS configuration on an MFR interface.
Workaround: There is no workaround.
•CSCeg90765
Symptoms: Data traffic that is received on a Multilink PPP over ATM (MLPoA) connection may be dropped.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for MLPoA and CEF switching.
Workaround: Disable CEF switching.
•CSCeh18018
Symptoms: The asynchronous resources on a NAS may remain active after a VPDN setup because the LAC does not close the L2TP session on receipt of the L2TP Call Disconnect Notification (CDN) from the LNS.
Conditions: This symptom is observed on a NAS that is configured with digital modems when the L2TP session is abnormally aborted, for example, when the L2TP session is aborted before the LNS sends an LCP termination request to the dialin user.
Workaround: Manually free the asynchronous resources on the NAS by entering the clear line line-number command or ask the remote dialin user to disconnect the modem.
•CSCeh25440
Symptoms: InvARP packets on multiple MFR bundle interfaces may be dropped, causing traffic to fail after you have reloaded microcode onto a line card that processes a high load of traffic over many PVCs on MFR interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S when 42 MFR bundles are configured over 336 full T1s and when egress MQC is configured on the 42 MFR bundle interfaces. However, the symptom is not platform- or release-specific.
Workaround: There is no workaround.
•CSCeh33185
Symptoms: A POS interface on a VIP4-80 that is configured for PPP goes down and remains down.
Conditions: This symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0S only when PPP receives an LCP PROTOCOL REJECT message for PAP or CHAP. The symptom may also occur in other releases.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected POS interface.
•CSCeh34067
Symptoms: The route processor of a Cisco 7613 may crash when stress traffic is processed on all WAN links of FlexWANs in which channelized port adapters are installed and when interfaces of the channelized port adapters flap.
Conditions: This symptom is observed when the channelized port adapters are configured for MFR. The symptom may not be platform-specific.
Workaround: There is no workaround.
•CSCeh59311
Symptoms: None of the digits in INFO messages are passed to an ISDN switch.
Conditions: This symptom is observed on a Cisco 1760 that runs Cisco IOS Release 12.3(11) or Release 12.3(11)T4 when overlap is configured and when the setup acknowledgement arrives late from the terminating switch after some of the INFO messages have already been received from the OGW. The symptom may be platform-independent.
Workaround: There is no workaround.
•CSCeh62257
Symptoms: PPP does not establish new sessions.
Conditions: This symptom is observed on a Cisco router that is configured with full virtual-access interfaces when a PPP leak occurs.
Workaround: Reload the router and configure virtual-access subinterfaces instead of full virtual-access interfaces.
•CSCin88952
Symptoms: When a dialer interface is configured for legacy Dial-On-Demand Routing (DDR) for calling, a ping does not succeed, and a call is not set up.
Conditions: This symptom is observed on a Cisco platform that is configured for legacy DDR.
Workaround: Configure the dialer map on a hardware interface such as a to enable the call to be set up.
•CSCsa44139
Symptoms: When CMNS is configured with an X.25 hunt group, the CMNS connection may not be established over an Ethernet interface. This situation affects proper load balancing and redundancy.
Conditions: This symptom is observed when the parallel serial interface in the X.25 hunt group is down and when the CMNS connection over the Ethernet interface is not yet established when the serial interface goes down.
Workaround: Do not use an X.25 hunt group. Rather, use alternative X.25 addressing.
Alternate Workaround: Enter the clear x25 serial number ethernet number mac-address command. Doing so enables you to activate the CMNS connection.
•CSCsa48125
Symptoms: Outgoing calls fail on ISDN Non-Facility Associated Signaling (NFAS) group members that do not have a D-channel.
Conditions: The symptom is observed when outgoing calls are made via NFAS group members that have the nfas_d none keyword configured.
Workaround: There is no workaround.
•CSCsa52807
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCsa56443
Symptoms: IPCP does not come up because it does not negotiate.
Conditions: This symptom is observed on a Cisco platform when certain AAA per-user attributes are downloaded from a RADIUS server. One example is an absolute timeout or idle timeout without any other per-user attributes; such a configuration causes PPP to stall before starting IPCP.
Workaround: Configure values on the platform rather than downloading them from the RADIUS server.
•CSCsa71228
Symptoms: Callback does not occur.
Conditions: This symptom is observed when the dialer map command is configured on a dialer interface for a rotary group configuration.
Workaround: Enter the dialer string command in the dialer profile configuration.
•CSCsa73099
Symptoms: A router may run out of free memory in the processor pool as a consequence of a memory leak in the ISDN process. The output of the show memory command shows that the blocks of memory that are not freed are allocated for "AAA Event Data" or "AAA Event."
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fixes for CSCef87435 and CSCef57881 and that is configured with ISDN interfaces that are active.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(13b)
Cisco IOS Release 12.3(13b) is a rebuild release for Cisco IOS Release 12.3(13). The caveats in this section are resolved in Cisco IOS Release 12.3(13b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Access Server
•CSCeb41363
Symptoms: Handset calls may intermittently be reported with values in RADIUS accounting attributes 77, 197, and 255.
Conditions: This symptom is observed on a Cisco AS5800.
Workaround: There is no workaround.
Basic System Services
•CSCeg62206
Symptoms: High CPU utilization may occur during the TPLUS process on a platform.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6c) and that is configured for TACACS.
Workaround: There is no workaround.
•CSCeh28173
Symptoms: After automatic recovery from an RSP-QAERROR, an IPC failure may occur between the master RSP and slave RSP or between the master RSP, slave RSP, and port adapters.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with two RSPs that function in HSA, RPR, RPR+, or SSO mode.
Workaround: Reset the slave RSP.
•CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•CSCsb27960
Symptoms: When the local method is used at the beginning of a PPP authentication method list and when a user does not exist in the local database, failover to the next method in the method list does not occur. This situation prevents users that are listed in the database of a RADIUS or TACACS+ server from being authenticated.
Conditions: This symptom is observed on a Cisco router that is configured for AAA.
Workaround: Temporarily remove the local method from the beginning of the method list.
IP Routing Protocols
•CSCeh13489
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas limit command in such a way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path length, the prefix is rejected and the event is recorded in the log.
•CSCeh47763
Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.
Conditions: This symptom occurs when using Port Address Translation (PAT).
Workaround: Use the clear ip nat translation * command.
Miscellaneous
•CSCee41831
Symptoms: A SegV exception may occur on a router when you enter the write memory or copy running-config startup-config command.
Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series when you enter the write memory or copy running-config startup-config command and when the NVRAM is corrupted.
Workaround: Erase the NVRAM and then enter the write memory or copy running-config startup-config command.
•CSCeg16631
Symptoms: When you enter the distribute-list interface command in a global RIP routing context and the interface that is specified in the command is a VRF interface, the command is rejected with the following error message:
% The interface is not in the same VRF as the process
Because the distribute-list interface command is not implemented in the IPv4 VRF address-family, there is no other way to filter networks received in updates via a VRF interface.
Conditions: This symptom is observed in all Cisco IOS releases that integrate the fix for CSCee32557. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32557. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: In a configuration that is mentioned above, to filter networks received in updates, enter the distribute-list extended-ACL-reference command in which the "source-part" of the extended ACL specifies the prefixes and the "destination part" matches on the IP address of the RIP neighbor.
•CSCeg27836
Symptoms: Under some circumstances when eBGP flaps on the PE, packets from another VRF are forwarded to an incorrect interface.
Conditions: This symptom occurs when eBGP flaps on the PE.
Workaround: There is no workaround.
•CSCeg35786
Symptoms: Twenty percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.
Workaround: There is no workaround.
•CSCeg82614
Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.
Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.
Workaround: There is no workaround.
•CSCeh05968
Symptoms: Distributed Sessions Manager (DSM) is flooded with DSP stats messages.
Conditions: This symptom is observed when the event pool is out of events.
Workaround: There is no workaround.
•CSCsa44556
Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.
Workaround: Reload the gatekeeper after you have made the configuration changes.
•CSCsa64278
Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.
Workaround: There is no workaround.
•CSCsb01043
Symptoms: When a Turbo ACL classification table grows beyond a certain size, a memory allocation failure may occur or the router may crash.
If the router runs Cisco IOS Release 12.3, memory corruption may occur, causing the router to crash. If the router runs Cisco IOS Release 12.2S, an error message similar to the following may appear during a Turbo ACL compilation, the compilation will fail, and a recompilation is forced:
%SYS-2-CHUNKBADELESIZE: Chunk element size is more than 64k for TACL Block
-Process= "TurboACL", ipl= 0, pid= 82
These symptoms do not occur because of an out-of-memory condition.
Conditions: This symptom is observed on a Cisco router that is configured for Turbo ACL. The Cisco 10000 series is not affected.
Workaround: Monitor the output of the show access-lists compiled command and force the Turbo ACL tables to be cleared if a table is at risk of growing large enough to trigger the symptoms.
The tables that have significant sizes are the first and third tables shown next to "L1:" and the first table shown next to "L2:". When the number after the slash for one of these tables is greater than 16384 for the "L1" tables or greater than 32768 for the "L2" table, the table is already too large and the symptom may occur any moment.
When the number is in the range from 10924 to 16384 inclusive for the "L1" tables or the range from 21846 to 32768 inclusive for the "L2" tables, the table size will be too large on the next expansion. An expansion occurs when the number to the left of the slash reaches 90 percent of the value to the right of the slash. When the value to the left of the slash approaches 90 percent of the value to the right, enter the no access-list compiled command followed by the access-list compiled command to disable and re-enable Turbo ACL. Doing so causes the tables to be cleared and, therefore, delays the expansion. This workaround may be impractical when there is a high rate of incoming packets and when entries are added frequently to the tables.
Alternative Workaround: Disable Turbo ACL by entering the no access-list compiled command.
Note that neither of these workarounds is supported on a Cisco 7304 that is configured with an NSE-100: there is no workaround for this platform.
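The table-size thresholds in the CSCsb01043 workaround can be turned into an automated check. The following script is an added example and is not part of the Cisco release notes; it applies the numbers stated above (L1 tables: too large above 16384, at risk between 10924 and 16384; L2 table: too large above 32768, at risk between 21846 and 32768; expansion at 90 percent fill) to "used/size" tokens read from the output of show access-lists compiled. The exact layout of that command's output is not reproduced on this page, so the sample text below is constructed and assumes that each "L1:" and "L2:" line carries whitespace-separated "used/size" tokens in table order; adjust the line matcher if your platform prints the tables differently.

```python
import re
from typing import Dict, List, Tuple

# Thresholds taken from the CSCsb01043 caveat text.
ALREADY_TOO_LARGE = {"L1": 16384, "L2": 32768}
NEXT_EXPANSION_TOO_LARGE = {"L1": (10924, 16384), "L2": (21846, 32768)}
EXPANSION_TRIGGER = 0.90  # a table expands when "used" reaches 90% of "size"

# Tables that matter per the caveat: first and third L1 tables, first L2 table
# (0-based positions on the "L1:" / "L2:" lines).
WATCHED = {"L1": (0, 2), "L2": (0,)}

# Assumed output layout (constructed, not the real command output):
#   L1: <used>/<size> <used>/<size> <used>/<size> ...
#   L2: <used>/<size> ...
LEVEL_LINE = re.compile(r"^\s*(L[12]):\s*(.*)$")
TOKEN = re.compile(r"(\d+)/(\d+)")

# Constructed samples exercising each outcome.
SAMPLE_OK = """\
L1: 2000/4096 30/64 4000/8192
L2: 9000/16384
"""
SAMPLE_RISK = """\
L1: 9900/10924 30/64 14000/16384
L2: 25000/32768
"""
SAMPLE_TOO_LARGE = """\
L1: 3000/8192 30/64 5000/8192
L2: 40000/65536
"""

STATUS_ORDER = ["ok", "at_risk", "clear_now", "too_large"]


def parse_tables(output: str) -> Dict[str, List[Tuple[int, int]]]:
    """Return {'L1': [(used, size), ...], 'L2': [...]} parsed from the text."""
    tables: Dict[str, List[Tuple[int, int]]] = {"L1": [], "L2": []}
    for line in output.splitlines():
        m = LEVEL_LINE.match(line)
        if not m:
            continue
        level, rest = m.group(1), m.group(2)
        tables[level].extend((int(u), int(s)) for u, s in TOKEN.findall(rest))
    return tables


def assess_table(level: str, used: int, size: int) -> str:
    """Classify one table against the caveat thresholds.

    too_large  - size already beyond the limit; the symptom may occur at any moment
    clear_now  - next expansion would be too large and is imminent (>= 90% full):
                 disable and re-enable Turbo ACL to clear the tables
    at_risk    - next expansion would be too large, but it is not yet imminent
    ok         - no action needed
    """
    if size > ALREADY_TOO_LARGE[level]:
        return "too_large"
    low, high = NEXT_EXPANSION_TOO_LARGE[level]
    if low <= size <= high:
        if used >= EXPANSION_TRIGGER * size:
            return "clear_now"
        return "at_risk"
    return "ok"


def assess(output: str) -> List[Tuple[str, int, int, int, str]]:
    """Return (level, index, used, size, status) for each watched table."""
    findings = []
    tables = parse_tables(output)
    for level, indexes in WATCHED.items():
        for i in indexes:
            if i >= len(tables[level]):
                continue  # table not present in this output
            used, size = tables[level][i]
            findings.append((level, i, used, size, assess_table(level, used, size)))
    return findings


def worst_status(output: str) -> str:
    """Overall verdict: the most severe status among the watched tables."""
    statuses = [f[4] for f in assess(output)] or ["ok"]
    return max(statuses, key=STATUS_ORDER.index)


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("risk", SAMPLE_RISK),
                         ("too_large", SAMPLE_TOO_LARGE)):
        print(name, worst_status(sample), assess(sample))
```

A "clear_now" verdict is the point at which the caveat says to enter no access-list compiled followed by access-list compiled; a "too_large" verdict means the table is already past the limit and the same clearing step (or disabling Turbo ACL altogether) is the remaining option, except on the Cisco 7304 with an NSE-100, where the caveat gives no workaround.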
•CSCsb09190
Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.
Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.
Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
Wide-Area Networking
•CSCef58201
Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.
Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.
Workaround: Configure a static host entry for the neighbor in the routing table, pointing to the Dialer interface:
ip route prefix mask 255.255.255.255 Dialer1
For the prefix mask argument, enter the IP address of the neighbor.
•CSCeh48987
Symptoms: The CEF-Dialer feature fails to add an adjacency for a Virtual-Access1 CEF interface.
Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS interim Release 12.3(14.10).
Workaround: There is no workaround.
•CSCsa55747
Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.
Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(13a)
Cisco IOS Release 12.3(13a) is a rebuild release for Cisco IOS Release 12.3(13). The caveats in this section are resolved in Cisco IOS Release 12.3(13a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Interfaces and Bridging
•CSCin86455
Symptoms: Auto-provisioning may be disabled on a Cisco 7200 series that is configured with a PA-A3 port adapter.
Conditions: This symptom is observed when a VC class that is configured for create on-demand is attached to the main ATM interface and then the create on-demand configuration is removed and re-applied to the VC class.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface of the PA-A3 port adapter.
IP Routing Protocols
•CSCeh14015
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom is observed on EIGRP routes when using the shut command followed by the no shut command, but could affect other routing protocols.
Workaround: There is no workaround.
Miscellaneous
•CSCee63580
Symptoms: A Cisco router crashes with a software forced exception.
Conditions: This symptom is observed when a large number of PPPoA and/or PPPoE sessions with multiple SSG services are active at the same time.
Workaround: There is no workaround.
•CSCeg03853
Symptoms: There is no dial tone when the isdn overlap-receiving command is enabled without DID.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8) or Release 12.3(8)T4 when the following conditions are present:
–The isdn overlap-receiving command is enabled on the BRI interface.
–DID is not enabled on the POTS dial peer.
–The called number and the calling number are not in the setup message.
Workaround: Remove the isdn overlap-receiving command from the BRI interface.
•CSCeg04922
Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.
Conditions: This symptom is observed when the following conditions are present:
–A policy map is applied to a VLAN interface.
–The policy map includes the set cos command.
Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.
•CSCeg15065
Symptoms: After a DSP restarts, RTP packets are not sent from the DSP to a trunk connection.
Conditions: This symptom is observed on a Cisco 7200 VXR router that runs Cisco IOS Release 12.3(10a) or Release 12.3(11)T when the connection trunk command is enabled.
Workaround: There is no workaround. To re-enable the DSP to send RTP packets, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the voice port that is associated with the DSP.
•CSCeg59923
Symptoms: The following error message is generated during a voice stress test:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCeg76294
Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.
Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.
Workaround: There is no workaround.
•CSCeh24075
Symptoms: Packets that are larger than 4400 bytes or packets that require fragmentation may be dropped when they traverse an xDSL WIC.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6)T or a later release when a sweep ping is performed from one peer to another and when the WIC is a WIC-1ADSL, WIC-1ADSL-DG, WIC-1ADSL-I-DG, WIC-SHDSL, or WIC-SHDSL-V2.
Workaround: Avoid fragmentation on the DSL link or enter the ip mtu bytes command to change the maximum MTU to 4400 on the DSL interface.
•CSCin86923
Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.
Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.
Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.
•CSCsa46758
Symptoms: A router that initiates a rekey uses incorrect proxy identities, causing a VPN client to reject the proxy identities and to disconnect. The log of the VPN client displays the following error message:
Invalid Proxies for requested QM negotiation: LocalProxy : ID=172.16.1.2 Protocol=0 port=0, RemoteProxy : ID=10.48.67.66/0.0.0.0 Protocol=0 port=0 : (PLMgrID:367)
Failed to process ID payload (MsgHandler:681)
Failed to process QM Msg 1 (NavigatorQM:386)
Unexpected SW error occurred while processing Quick Mode negotiator: (Navigator:2202)
Discarding IPsec SA negotiation, MsgID=F821A02A
Conditions: This symptom is observed when a VPN Client is connected to a Cisco router that runs Cisco IOS Release 12.3, when the VPN client sends a policy that includes the ip host address command to the router, and when IPSec on the router unexpectedly changes the ACL address in the policy of the VPN client.
Workaround: There is no workaround. Note that the symptom does not occur in Cisco IOS Release 12.3T.
•CSCsa54608
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
•CSCuk56386
Symptoms: PPP may not correctly negotiate the use of compressed RTP which may lead to higher than expected bandwidth utilization.
Conditions: The compress header ip rtp command must be used to enable cRTP via a service policy, and the policy must be attached to an interface.
Workaround: There is no workaround.
•CSCuk56412
Symptoms: An ATM interface of a PA-A3 ATM port adaptor may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and the connectivity may stop entirely.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.
TCP/IP Host-Mode Services
•CSCsa62111
Symptoms: A Cisco 7200 series router may see packets stuck in the input queue.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(12.10) with an NPE-G1.
Workaround: Reload the router to clear the input queue, or increase the input queue beyond the default limit of 75 by entering the hold-queue length command.
Wide-Area Networking
•CSCed50276
Symptoms: When a PRI is configured for PPP Multilink and has a dialer profile, packets that travel over the link become wedged.
Conditions: This symptom is observed on a Cisco 2600 series that runs the c2600-is-mz image of Cisco IOS Release 12.2(16). The symptom may also occur in Release 12.3. Disabling Cisco Discovery Protocol (CDP), weighted fair queuing (WFQ), or both does not prevent the symptom from occurring. When you reload the router, the symptom does not occur for months.
Workaround: Disable PPP Multilink.
•CSCef96591
Symptoms: When the command ppp multilink group is used on a Virtual-template interface, a router may crash with an "%Align-1-Fatal Illegal Access to a low address" error followed by a bus error exception.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10) when there are active PPP over ATM or PPP over Frame Relay sessions attached to the Virtual-template.
Workaround: Shut down all PPP over ATM or PPP over Frame Relay sessions before adding the Virtual-template to the multilink group.
•CSCeg22533
Symptoms: A call fails with an INVALID message received because a B-channel IDB cannot be found for a signaling-only call.
Conditions: This symptom has been observed with a QSIG switch type.
Workaround: There is no workaround.
•CSCsa48125
Symptoms: Outgoing calls fail on ISDN Non-Facility Associated Signaling (NFAS) group members that do not have a D-channel.
Conditions: The symptom is observed when outgoing calls are made via NFAS group members that have the nfas_d none keyword configured.
Workaround: There is no workaround.
•CSCsa52807
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
Resolved Caveats—Cisco IOS Release 12.3(13)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(13). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(13). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCdt67986
Symptoms: When you perform an OIR of a VIP or RSP, a loopback interface is brought out of the administrative down state.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
•CSCdz27562
Symptoms: Executing an snmpwalk command on a loopback interface causes a response that is sourced from the IP address of the physical interface.
Conditions: This symptom is observed on a Cisco 12000 series but also affects other platforms.
Workaround: Execute the snmpwalk command on the physical interface.
•CSCef58169
Symptoms: A memory leak may occur on a router that processes voice calls and that is configured for AAA. When the memory leak occurs, the CPU utilization of the router is about 60 to 70 percent.
Conditions: This symptom is observed when you run a performance test in which 400 clients download a 1-MB file from an HTTP Server and are authenticated with CiscoSecure ACS Release 3.3(1) Build 16.
Workaround: There is no workaround.
•CSCef84254
Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, OAM drops may occur, which may cause PVCs to go down.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have ATM PVCs that are configured for any type of ATM QoS (VBR-nrt, UBR, UBR+, and so on) and that have VCs that function at less than the line rate.
Workaround: Configure a VC (with any QoS type) to function at the line rate.
Possible Alternate Workaround: Remove the OAM configuration.
•CSCeg07509
Symptoms: A router may crash when you enter the dir flash: command.
Conditions: This symptom is observed on a low-end router that uses a Compact Flash (CF) device when the root directory is nearly full with file entries.
Workaround: Keep the number of file entries in the root directory relatively small (less than 100).
•CSCeg10517
Symptoms: A falling threshold trap is generated when the value is lower than or equal to the threshold value. The falling trap should be generated only if the value is lower than the threshold value.
Conditions: This symptom is observed when the threshold type is consecutive.
Workaround: There is no workaround.
•CSCeg11566
Symptoms: Intensive SNMP polling may cause the I/O memory of a router to be depleted.
Conditions: This symptom is observed in rare situations.
Workaround: Reduce the SNMP polling interval, frequency, or rate.
•CSCeg14065
Symptoms: A VIP may crash when its Ethernet interface is continuously congested.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS 12.3(8)T5 when MPLS is enabled. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
•CSCeg15044
Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.
Conditions: This symptom is observed when there are simultaneous Telnet requests.
Workaround: There is no workaround.
•CSCeg23428
Symptoms: After you perform an OIR of a VIP, reload microcode onto a VIP, or after a VIP crashes, an MLP or MFR interface that is shut down comes up unexpectedly.
Conditions: This symptom is observed on a Cisco 7500 series only with virtual interfaces and only the first time that you perform an OIR or reload microcode or that the VIP crashes after the router has booted up. The symptom does not occur when you perform subsequent OIRs or reload microcode again or when the VIP crashes again.
Workaround: There is no workaround.
•CSCeg41734
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used.
Workaround: There is no workaround.
•CSCin80513
Symptoms: An SSG platform crashes because of a memory corruption.
Conditions: This symptom is observed when SSG processes prepaid RADIUS proxy users and is most likely to occur when a tunnel authentication failure for a prepaid RADIUS proxy user occurs.
Workaround: There is no workaround.
•CSCin81985
Symptoms: Although a RADIUS server is up and running, a router may not contact the RADIUS server during login authentication.
Conditions: This symptom is observed when the RADIUS server is declared dead and then, after an accounting-on record is sent, changes to the up state.
Workaround: Configure local authentication as a backup by entering the aaa authentication login default group radius local command and a local user name and password.
•CSCin83826
Symptoms: When a user with a prepaid service attempts to log in, SSG reloads because the router receives a RADIUS access request packet with an incorrect attribute value.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.3(11)T when the following conditions are present:
–The router is configured for SSG.
–The router has the radius-server vsa send authentication command enabled.
–The router has an incorrect attribute value configured in the subscriber profile.
Workaround: Do not enable the radius-server vsa send authentication command on the router.
Alternate Workaround: If this is an option, configure the service to be postpaid.
•CSCsa42366
Symptoms: A router may crash because of a memory leak in the SAA/RTR process.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10a) and that is configured for SAA/RTR.
Workaround: Do not perform a getmany command on the rttMonLatestRttOperEntry, rttMonCtrlAdminEntry, and rttMonEchoAdminEntry variables. Do not perform a getone command on the rttMonLatestRttOperAddress variable.
•CSCsa49728
Symptoms: RADIUS interim accounting update messages for connected devices are delayed.
Conditions: This symptom is observed on a Cisco platform that runs SSG under a moderate traffic load when the timer that is attached to the timer wheel has a tick value that is a multiple value of the size of the wheel.
Workaround: There is no workaround.
•CSCsa53912
Symptoms: You cannot log on when a TACACS+ server is used for authentication. You get a message that authentication fails and you are asked again to enter your user name.
Conditions: This symptom is observed when you make a Telnet connection to a router that is configured for TACACS+ after you have entered your user name and your TACACS password.
Workaround: Configure the TACACS+ single connection option by entering the tacacs-server host host-name single-connection command.
IBM Connectivity
•CSCeg05690
Symptoms: A software-forced crash may occur on a Cisco router that is configured with a Bisync Serial Tunnel (BSTUN).
Conditions: This symptom is observed when line flaps occur on the asynchronous line that is attached to the BSTUN while the router attempts to forward packets via the asynchronous line.
Workaround: Ensure that the asynchronous line does not flap.
•CSCeg10448
Symptoms: DLSW transparent redundancy does not function via a Fast Ethernet port adapter.
Conditions: This symptom is observed when you use a Fast Ethernet port adapter with a particular third-party vendor chipset.
Workaround: Use a port adapter that uses a different chipset.
•CSCeg58906
Symptoms: A Cisco router does not receive a Receiver Ready (RR) message from a device that is connected via an Ethernet link.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10), that is configured for DLSw, and that has a bridge group configured on an Ethernet interface. The symptom occurs only when the following conditions are present:
–NetBIOS is transported via DLSw and the NetBIOS Add Name Response command is used.
–The end system produces a specific frame.
The following is an example of a configuration in which the symptom occurs:
A NetBIOS server connects to a router (Router 1) that connects via a DLSw link to another router (Router 2). Router 2 connects via an Ethernet link to a NetBIOS client.
The MAC address of the NetBIOS client is located in the transparent bridge table on Router 2. When the NetBIOS server transmits a NetBIOS Add Name Response command to the NetBIOS client, Router 2 mishandles the NetBIOS Add Name Response command, causing the MAC address of the NetBIOS client in the transparent bridge table to point to the DLSw interface instead of to the local Ethernet interface. All subsequent LLC2 frames that are sent from Router 2 for this DMAC fail until the end system sends a frame to Router 2, enabling Router 2 to relearn the MAC address of the NetBIOS client for the correct port.
Workaround: There is no workaround.
Interfaces and Bridging
•CSCef23253
Symptoms: When you activate a serial interface on a PA-MC-8TE1+ port adapter that is installed in a VIP, dCEF may be disabled on the slot in which the PA is installed (in this example, in slot 3) and the following error message is generated:
%FIB-3-FIBDISABLE: Fatal error, slot 3: IPC Failure: timeout
The output of the show controller vip 3 logging command may time out, indicating problems with IPC.
The failure may cause additional error messages or may cause the VIP to reset, affecting all port adapters that are installed in the VIP.
Conditions: This symptom is observed on a Cisco 7500 series with a faulty PA-MC-8TE1+ port adapter that is installed in a VIP.
Workaround: There is no workaround. The fix for this caveat eases the detection of a faulty port adapter (see below).
Further Problem Description: The fix for this caveat will detect and shut down a faulty port adapter so that the VIP and the other port adapters in the VIP are not affected. The error message that is added by the fix is the following:
%VIP2 R5K-1-MSG: slot3 PA BAD - disabling the PA in bay 1
This message indicates that the PA-MC-8TE1+ in bay 1 is faulty and must be replaced.
•CSCin79468
Symptoms: An ATM subinterface enters the up/up state regardless of whether or not a PVC is down.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a PA-A3 port adapter when the router boots up without a connecting cable. This situation causes a PVC to remain down. The PVC remains down even after you connect the cable and the ATM subinterface enters the up/up state.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM subinterface with the PVC that is down.
•CSCin84694
Symptoms: On a Cisco 7x00 series that runs Cisco IOS Release 12.3 and that is equipped with an ATM PA-A3 port adapter, the SAR chip of the port adapter may crash or the interface may become stuck.
Conditions: This symptom is observed when there is a high-traffic load on the ATM PA-A3 port adapter and when many VCs are created, deleted, and modified continuously. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCin86098
Symptoms: One or more ATM PVCs stop transmitting packets.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6-OC3 port adapter when the PVC is configured with CBR and when traffic with more than the configured CBR value passes.
Workaround: There is no workaround.
IP Routing Protocols
•CSCef45830
Symptoms: A stale BGP route does not time out, which can be observed in the output of the show ip route vrf command.
Conditions: This symptom is observed in a BGP multipath configuration.
Workaround: Enter the clear ip route vrf vrf-name command.
•CSCef50065
Symptoms: Spurious memory accesses and tracebacks are generated on a Cisco 831.
Conditions: This symptom is observed when NAT/PAT is configured.
Workaround: There is no workaround.
•CSCef57803
Symptoms: In a VPNv4 network in which a multi-homed CE router advertises multiple paths for a prefix, a PE router may fail to withdraw the prefix previously advertised to another PE router when its best path changes from a non-imported path to an imported path because of a change in the import route map of the VRF.
Conditions: This symptom is observed in a topology in which a CE router connects to a PE router via two different VRFs.
Workaround: Remove the imported path either by unconfiguring the import route map of the VRF or by changing the import route target, withdraw the non-imported prefix from the CE router, and restore the import route map or import route target.
•CSCef60659
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef65500
Symptoms: A Cisco router that is configured for OSPF may generate recurring SYS-3-CPUHOG messages and tracebacks that are caused by the OSPF process:
%OSPF-5-ADJCHG: Process 100, Nbr 10.52.0.186 on ATM1/0.381 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4568 msec (243/31), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4988 msec (569/120), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
At another date, the following error messages and tracebacks are generated:
%SYS-3-CPUHOG: Task ran for 2224 msec (368/9), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from INIT to DOWN, Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 2028 msec (647/283), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
%SYS-3-CPUHOG: Task ran for 2904 msec (552/153), process = OSPF Router, PC = 60BA80BC.
-Traceback= 60BA80C4 60B8876C 60B88EE4
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-225 and that runs Cisco IOS Release 12.2(15)T5 or 12.2(15)T13. However, the symptom may be platform-independent and could also occur in other releases.
Workaround: There is no workaround.
•CSCef84062
Symptoms: A Cisco router that is running BGP may crash due to a bus error at a low address when using the show bgp ipv6 network command.
Conditions: This symptom is observed on a Cisco 7505 router that is running Cisco IOS 12.2(15)T8. The problem occurred after recent BGP configuration changes.
Workaround: There is no workaround.
•CSCef91275
Symptoms: An MPLS TE tunnel stays stuck in the "Path Half Admitting" state, as is shown by the output of the show mpls traffic-eng tunnel command, thereby preventing the tunnel from coming up.
Conditions: This symptom may be observed when a particular third-party router that functions as the headend for the MPLS TE tunnel sends a Path message to a Cisco router that functions as the midpoint for the MPLS TE tunnel and that does not have the mpls traffic-eng tunnels interface configuration command enabled on the outbound interface that would be used to forward the Path message.
Workaround: Enter the mpls traffic-eng tunnels interface configuration command on the outbound interface of the Cisco router. Then, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on this interface, and save the configuration.
•CSCef93215
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•CSCef95026
Symptoms: When interfaces flap, a Cisco router may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when OSPF accesses a freed LSDB entry.
Workaround: There is no workaround.
•CSCef97573
Symptoms: A router may reload with a bus error exception, the crashinfo file shows an address error (a load or instruction fetch), and there is a spurious access in the crashinfo file.
Conditions: These symptoms are observed on a Cisco router that performs NAT on H.323 voice traffic.
Workaround: There is no workaround.
•CSCef97738
Symptoms: BGP may pass an incorrect loopback address to a multicast distribution tree (MDT) component for use as the source of an MDT tunnel.
Conditions: This symptom is observed when you reload a Cisco router that runs Cisco IOS Release 12.0(28)S1 and when there is more than one source address that is used in BGP, such as Lo0 for IPv4 and Lo10 for VPN. If the IPv4 peer is the last entry in the configuration, the MDT tunnel interface uses lo0 as the source address instead of lo10. The symptom may also occur in other releases.
Workaround: Remove and add the MDT statement in the VRF.
•CSCeg05233
Symptoms: When the dampening command is enabled, directly-connected routes disappear after you reload the router.
Conditions: This symptom is observed in a configuration that includes many Cisco 7206VXR routers that run Cisco IOS Release 12.2(14)S3, Release 12.3.1a, or Release 12.3.10, that are configured with an NPE-300, NPE-400, or NPE-G1, and that are connected via PA-MC-8E1+ or PA-MC-TE1+ port adapters.
When you reload one of the routers, an interface of its PA-MC-TE1+ port adapter does not forward traffic. Although this interface is in the up/up state and the controller is up, the interface of a connected router is not in the routing table.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface, or enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the controller of the affected interface.
•CSCeg09257
Symptoms: A Cisco 7200 series may reload unexpectedly when you enter the clear ip nat translations global configuration command.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9) when there are several VRFs that are configured with 15,000, 20,000, and 30,000 sessions, when the CPU utilization of the router is at 90 percent of its capacity, and when expired sessions do not time out. The symptom is platform-independent and occurs only on high-end routers that are able to scale up to a very high number of sessions.
Workaround: There is no workaround.
•CSCeg19442
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.
•CSCeg49796
Symptoms: Commands on a router may be unexpectedly removed from the running configuration.
Conditions: This symptom is observed on a router that is assigned as a neighbor to a BGP peer group. For example, when the shutdown command was previously configured on the router, the command is removed from the running configuration after the router is assigned as a neighbor to a BGP peer group.
Workaround: Re-enter the commands on the router.
•CSCeg52659
Symptoms: A Cisco 7200 series may not withdraw a BGP route from an iBGP peer.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(3) when the clear ip bgp neighbor-address soft out command is entered for one of the members of the peer group of which the Cisco 7200 series is a member and when some changes to the outbound policy are made to the same member of the peer group. This situation causes some prefixes to remain stuck in the other members of the peer group.
The symptom is a very old behavior of the BGP peer group functionality: when one member of a peer group is cleared via either a hard reset or a soft reset and a policy change causes some of the prefixes to be withdrawn, inconsistencies may occur in the routes on the other members of the peer group.
Workaround: For peer groups and neighbors that are members of a peer group, do not enter the BGP neighbor-specific clear ip bgp neighbor-address soft out command or the clear ip bgp neighbor-address command. Rather, enter the peer group-specific clear ip bgp peer-group-name soft out command or the clear ip bgp peer-group-name command.
•CSCeg66091
Symptoms: Previously suppressed prefixes are not automatically re-installed in a VRF table.
Conditions: This symptom is observed when a VRF reaches the maximum route limit, when subsequent prefixes are suppressed, and when the suppressed condition is cleared. In this situation, previously suppressed prefixes should be automatically re-installed in the VRF table when the suppressed condition is cleared.
Workaround: Enter the clear ip bgp command.
•CSCeg74205
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•CSCin74330
Symptoms: The LDP Hello process may not be reinitiated after a TDP ID is received, preventing LDP neighbors from being discovered.
Conditions: This symptom is observed on a Cisco router that does not have an IP address configured when you first enter the mpls ip command and then assign the IP address.
Workaround: Assign the IP address to an interface of the router before you enable MPLS.
•CSCsa44383
Symptoms: When CEF is enabled on a router that performs NAT translation, sessions that use NAT translation fail when the traffic stops.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T14 or Release 12.3(9). Clearing the NAT translation table by entering the clear ip nat trans * command on the router that performs NAT translation fixes the symptom only temporarily. Note that the symptom does not occur in Release 12.3(8)T.
Workaround: Enter the no ip cef command on the router that performs NAT translation.
Alternate Workaround: Configure static NAT translation.
•CSCsa51150
Symptoms: When Network Address Translation (NAT) is configured, TCP translations do not time out properly when the TCP session is closed in a normal way.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 and that integrates the fix for CSCed93170. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed93170.
Workaround: Lower the global NAT translation timeout period with the ip nat translation tcp-timeout seconds command.
•CSCsa59600
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
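The three ICMP caveats above (CSCsa52807, CSCef60659 and CSCsa59600) name the attack classes but not the host-side checks that neutralise them. As an added illustration, not code from these release notes or from Cisco IOS, the following Python models the validations recommended in RFC 5927, the RFC that grew out of the cited draft, for a TCP stack that receives an ICMPv4 error: verify the ICMP checksum, map the quoted IP/TCP header to an existing connection, require the quoted sequence number to lie in the send window, ignore source quench altogether, downgrade hard errors to soft errors on synchronized connections, and sanity-check the next-hop MTU before honouring a "fragmentation needed" message. The connection table, addresses and sample messages are constructed for the example; the 68-byte floor is the IPv4 minimum link MTU from RFC 791, and the delayed-processing strategy that RFC 5927 also describes for PMTUD is not modelled.

```python
import socket
import struct
from dataclasses import dataclass

ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4
CODE_FRAG_NEEDED = 4            # "fragmentation needed and DF set" (PMTUD)
HARD_ERROR_CODES = {2, 3}       # protocol unreachable, port unreachable
IPV4_MIN_MTU = 68               # RFC 791 minimum link MTU (constructed floor)
SYNCHRONIZED = {"ESTABLISHED", "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT",
                "CLOSING", "LAST-ACK", "TIME-WAIT"}


@dataclass
class TcpConn:
    state: str        # TCP state name, e.g. "SYN-SENT" or "ESTABLISHED"
    snd_una: int      # oldest unacknowledged sequence number
    snd_nxt: int      # next sequence number to be sent
    pmtu: int = 1500  # current path MTU estimate


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def seq_in_send_window(seq: int, snd_una: int, snd_nxt: int) -> bool:
    """snd_una <= seq < snd_nxt, evaluated modulo 2**32."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)


def evaluate_icmp_error(msg: bytes, conns: dict) -> str:
    """Decide what a TCP stack should do with one received ICMPv4 error.

    conns maps (local_ip, local_port, remote_ip, remote_port) -> TcpConn.
    Returns an action string; conn.pmtu is updated for an accepted PMTUD message.
    """
    if len(msg) < 8 + 20 + 8:
        return "drop:truncated"
    if inet_checksum(msg) != 0:
        return "drop:bad-checksum"
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", msg[:8])
    ihl = (msg[8] & 0x0F) * 4
    if ihl < 20 or len(msg) < 8 + ihl + 8:
        return "drop:truncated"
    ip_hdr = msg[8:8 + ihl]
    if ip_hdr[9] != 6:                       # quoted datagram was not TCP
        return "ignore:not-tcp"
    # The quoted datagram is one this host sent: src is local, dst is remote.
    local_ip = socket.inet_ntoa(ip_hdr[12:16])
    remote_ip = socket.inet_ntoa(ip_hdr[16:20])
    lport, rport, seq = struct.unpack("!HHI", msg[8 + ihl:8 + ihl + 8])
    conn = conns.get((local_ip, lport, remote_ip, rport))
    if conn is None:
        return "drop:no-matching-connection"
    # RFC 5927 sec. 4.1: the quoted sequence number must be in the send window,
    # otherwise an off-path sender guessing the 4-tuple could have produced it.
    if not seq_in_send_window(seq, conn.snd_una, conn.snd_nxt):
        return "drop:seq-out-of-window"
    if icmp_type == ICMP_SOURCE_QUENCH:      # RFC 5927 sec. 6: never act on it
        return "ignore:source-quench"
    if icmp_type != ICMP_DEST_UNREACH:
        return "ignore:unhandled-type"
    if code == CODE_FRAG_NEEDED:
        mtu = rest & 0xFFFF                  # RFC 1191 next-hop MTU field
        if mtu < IPV4_MIN_MTU or mtu >= conn.pmtu:
            return "drop:implausible-mtu"    # cannot shrink below the IPv4 floor
        conn.pmtu = mtu
        return "accept:pmtu-%d" % mtu
    # RFC 5927 sec. 4.3: hard errors abort only unsynchronized connections.
    if code in HARD_ERROR_CODES and conn.state not in SYNCHRONIZED:
        return "abort:hard-error"
    return "soft-error:connection-kept"


def make_icmp_error(icmp_type, code, rest, local_ip, remote_ip, lport, rport, seq):
    """Build a sample ICMPv4 error quoting an IPv4 + TCP header (constructed input)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8, 0, 0, 64, 6, 0,
                         socket.inet_aton(local_ip), socket.inet_aton(remote_ip))
    tcp_hdr = struct.pack("!HHI", lport, rport, seq)   # first 8 bytes of TCP
    body = struct.pack("!BBHI", icmp_type, code, 0, rest) + ip_hdr + tcp_hdr
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    table = {("192.0.2.10", 40000, "198.51.100.5", 80):
             TcpConn("ESTABLISHED", snd_una=1000, snd_nxt=1500)}
    args = ("192.0.2.10", "198.51.100.5", 40000, 80)
    for label, m in [
        ("port unreachable, in window", make_icmp_error(3, 3, 0, *args, 1200)),
        ("port unreachable, stale seq", make_icmp_error(3, 3, 0, *args, 9000)),
        ("source quench", make_icmp_error(4, 0, 0, *args, 1200)),
        ("frag needed, mtu 1400", make_icmp_error(3, 4, 1400, *args, 1200)),
        ("frag needed, mtu 60", make_icmp_error(3, 4, 60, *args, 1200)),
    ]:
        print("%-30s -> %s" % (label, evaluate_icmp_error(m, table)))
```

The sequence-number check is the one that does most of the work: it forces an off-path sender to guess not only the 4-tuple but also a value inside the current send window, which is why the fixed IOS releases could keep processing legitimate PMTUD messages while discarding the spoofed ones.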
ISO CLNS
•CSCee83712
Symptoms: A 60-second blackhole of an MPLS VPN flow (or any other flow to BGP) may occur when an IS-IS link fails or the metric of the IS-IS link is modified.
Conditions: This symptom is observed on a Cisco platform that functions as a PE router and that is configured for BGP when the following conditions are present:
–The PE performs load balancing to two links, which may be two links with the same metric to another router or two links to two different routers.
–The ip fast-convergence command is enabled as part of the router isis command on the PE router.
Workaround: Disable the ip fast-convergence command. This workaround can only be applied if the platform is part of a network that does not target a 50-msec convergence time. If this is not an option, there is no workaround.
•CSCsa45381
Symptoms: CLNS fast-switching is disabled on a serial E3 interface that is configured for HDLC encapsulation.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(30)S but may also occur in other releases.
Workaround: There is no workaround.
Miscellaneous
•CSCeb65579
Symptoms: All 32- and 64-bit counters are missing from the ifXTable of the IF-MIB.
Conditions: This symptom is observed on a Cisco 2691, Cisco 3725 and Cisco 3745.
Workaround: There is no workaround.
•CSCec51408
Symptoms: After you reload a Cisco 7xxx series router, the vbr-nrt output-pcr output-scr output-mbs command or the ubr output-pcr command may be missing from the configuration of the IMA-group interface of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Conditions: The symptom is observed when the vbr-nrt output-pcr output-scr output-mbs command or the ubr output-pcr command is configured on an IMA-group interface that also has minimum active links configured.
Workaround: There is no workaround.
•CSCed66010
Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(05b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.
Workaround: There is no workaround.
•CSCed83129
Symptoms: A line card may crash when a router forwards multicast traffic in an MVPN environment.
Conditions: This symptom is observed when the data multicast distribution tree (MDT) advertisements that were received by the router expire. This situation causes the router to stop decapsulating packets in the VRF context and causes the router to send packets only from the interfaces that are defined in the global table.
Workaround: There is no workaround.
•CSCed83616
Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.
Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module (MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.
However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.
Workaround: Do not enter the show standby or show standby brief command while configuration changes are being made.
•CSCee32427
Symptoms: A Cisco 2691 may hang after crashing with the following error message:
%ERR-1-GT64120 (PCI-0): Fatal error, DMA out of range error
Conditions: This symptom is observed when you boot the Cisco 2691.
Workaround: There is no workaround.
Further Problem Description: The symptom is only observed on a Cisco 2691.
•CSCee32527
Symptoms: A CNS config change notification event may not contain BGP router mode information in the context fields of the event.
Conditions: This symptom is observed when the cns config notify diff command is configured and the router BGP command configurations cause a configuration change.
Workaround: There is no workaround.
•CSCee56209
Symptoms: Access control list (ACL) counters may display twice as many matches as there are in reality.
Conditions: This symptom is observed when ACL counters are used in policies in which class maps are nested. These counts propagate into the accounting output of the show policy interface command, creating the impression that twice as many packets have entered the network and are matched on these ACLs as there are in reality.
Workaround: There is no workaround.
•CSCee58709
Symptoms: The PCI retry counter expires during the boot of a Cisco Route Processor Module (RPM).
Conditions: This symptom is observed on a Cisco MGX series RPM that runs the rpm-js-mz image of Cisco IOS interim Release 12.3(9.2)T but may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee62370
Symptoms: An originating gateway (OGW) intermittently sends H.323 VoIP calls to the wrong destination.
Conditions: This symptom is observed on a Cisco AS5850 that functions as an OGW. The H.323 VoIP calls may be made through a gatekeeper or through a dial peer that points directly to a terminating gateway (TGW). The OGW fails to use the VoIP dial peer that points to the TGW and instead sends the call to another destination. The call shows up in the call detail record (CDR) of the wrong partner.
Workaround: There is no workaround.
•CSCee77079
Symptoms: An NM-HDV that is configured for HDLC may stop forwarding traffic when there is a heavy load of traffic, and the DSP on the NM-HDV may be reloaded.
Conditions: This symptom is observed on an NM-HDV that uses firmware that was built on 10-Feb-04 14:45. You can verify the date on which the firmware was built in the output of the show diag | inc Compiled command.
Workaround: There is no workaround.
•CSCef10863
Symptoms: A router may reload when NBAR protocol discovery statistics are displayed or when the NBAR protocol discovery is disabled on a serial interface.
Conditions: This symptom is observed on a Cisco 1800 series and Cisco 3745 that run Cisco IOS interim Release 12.3(9.10)T. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCef18837
Symptoms: IPSec is not established over a dialer interface. When you enter the debug crypto ipsec, debug crypto isakmp, and debug dialer detailed commands, the debug output shows the following message:
IPSEC(sa_initiate): Kicking the dialer interface
Conditions: This symptom is observed on a Cisco router that has a dialer interface on a BRI that connects via ISDN to a peer. Note that the dialer interface works fine, but encryption does not.
Workaround: Add the peer address to the dialer map or use dialer profiles.
•CSCef24099
Symptoms: A Cisco voice gateway does not send an RTR probe to an alternate endpoint (alt-ep) to check the network integrity.
Conditions: This symptom is observed when the call fallback active command is enabled and when the alt-ep is received in an ACF from the gatekeeper.
Workaround: There is no workaround.
•CSCef28657
Symptoms: A router that is configured for SNMP may crash.
Conditions: This symptom is observed when the debug snmp packet command is enabled and you enter the no snmp-server host host-address community command.
Workaround: First enter the no debug snmp packet command before you enter the no snmp-server host host-address community command.
•CSCef35911
Symptoms: MPLS IAS traffic without labels is dropped at one ASBR when PPP encapsulation is configured between two ASBRs.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S1 and that functions as an ASBR. However, the symptom may be platform-independent and may also occur in other releases.
Workaround: Change the encapsulation to HDLC.
•CSCef39266
Symptoms: IP multicast Rendezvous point (RP) discovery messages are not received and RP mappings are not populated on a Cisco router.
Conditions: This symptom is observed on a Cisco 7304 that runs Cisco IOS Release 12.2S and that is configured for PIM when Auto-RP announcement messages are sent across all the interfaces on a network. The symptom occurs when the Cisco 7304 is configured with a 4-port or 8-port Ethernet port adapter (PA) that is installed in a PA carrier card and after a multicast configuration command is removed. However, the symptom is platform-independent and could also occur on other platforms in a similar configuration.
Workaround: To restore the interfaces of the PA to normal operating conditions, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interfaces.
Further Problem Description: The fix for this caveat is also integrated in Release 12.3.
•CSCef40723
Symptoms: The bandwidth on a Fast Ethernet (FE) interface changes to 10 Mbps when the remote interface is flapped once.
Conditions: This symptom is observed on the FE interface of a port adapter that is installed in a carrier card on a Cisco 7304 that is configured with an NSE-100. The FE interface has an auto-duplex and an auto-speed configuration.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected FE interface.
•CSCef44607
Symptoms: The output of the show spe command shows SPE failures.
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCef44699
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef57627
Symptoms: A PVC does not come up when it should come up according to the configured values of the OAM AIS/RDI cells, and the PVC enters the "up retry" state.
Conditions: This symptom is observed when the oam ais-rdi command is enabled.
Workaround: There is no workaround.
•CSCef58522
Symptoms: Almost every hour the following error message is generated:
%TFIB-7-SCANSABORTED: TFIB scan not completing. Unresolved adjacency.
Conditions: This symptom is observed on a Cisco platform that is configured for MPLS when the LFIB scanner process is active.
Workaround: There is no workaround.
•CSCef60583
Symptoms: A Cisco AS5350 that functions as a voice gateway may report a memory leak.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(5) or Release 12.3(10).
Temporary Workaround: Reload the router to temporarily free the memory.
•CSCef61721
Symptoms: CEF may not be updated correctly with a route change.
Conditions: This symptom is observed when IPv6 BGP is configured and when a route changes from iBGP to eBGP or the other way around.
Workaround: Repopulate CEF with the correct forwarding information by entering the clear ipv6 route ipv6-address command.
•CSCef62983
Symptoms: A software-forced reload may occur on a Cisco 7200 series.
Conditions: This symptom is observed on a Cisco 7200 series that functions as a voice gatekeeper.
Workaround: There is no workaround.
•CSCef63272
Symptoms: A recursive static default route may not have an outgoing MPLS label, causing all packets to be dropped.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) but may also occur in other releases.
Workaround: Add a nonrecursive static route to the BGP next-hop.
•CSCef68876
Symptoms: When a third-party gatekeeper sends an IRQ with a callReferenceValue that has the MSB set to 1, a Cisco gateway does not include the perCallInfo field in the information request response (IRR) to the third-party gatekeeper.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2 and Release 12.2T and occurs only for solicited IRRs. The symptom does not occur for periodic IRRs that are sent by the gateway. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat causes the MSB of the callReferenceValue to be ignored while processing IRQ messages.
•CSCef70871
Symptoms: A Cisco AS5850 loses all connectivity (ISDN, FE, and GE connectivity) and is only accessible via the console port. The "%DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss" error message that is generated shortly after the connectivity is lost suggests that the cards in the chassis can no longer communicate with each other either.
Conditions: This symptom is observed after a few hours of normal operation.
Workaround: There is no workaround.
•CSCef73080
Symptoms: A Cisco 7206VXR that is configured with an NPE-G1 may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3 and 12.3T.
Workaround: There is no workaround.
•CSCef73460
Symptoms: An ISA encryption card is not activated when you boot the router.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T or interim Release 12.3(11.4) and that is configured with an NPE-400. Note that the symptom does not occur when the router is configured with an NPE-G1.
Workaround: There is no workaround.
•CSCef75174
Symptoms: A router may crash when you enter the dir flash: command.
Conditions: This symptom is observed on a low-end router that uses a Compact Flash (CF) device when the root directory is nearly full with file entries.
Workaround: Keep the number of file entries in the root directory relatively small (less than 100).
•CSCef75551
Symptoms: A Cisco 7200 series that is configured for IPSec and the Tunnel End-Point Discovery feature may crash because of a watchdog timeout.
Conditions: This symptom is observed when the Cisco 7200 series functions as an IKE responder under stress.
Workaround: Disable the Tunnel End-Point Discovery feature. If this is not an option, there is no workaround.
•CSCef77084
Symptoms: A router may reload when the On-Demand Address Pool (ODAP) is deconfigured while the subnet is not renewed.
Conditions: This symptom is observed in a rare timing scenario on a Cisco router that runs Cisco IOS Release 12.3 or 12.3T.
Workaround: First clear all subnets in the DHCP pool and ensure that all of the subnets have been released. The ODAP may automatically request and receive another subnet after the last one has been released. At this time the DHCP pool can be deleted. The new subnet is automatically released to the subnet allocation server.
•CSCef83201
Symptoms: An interface does not return an RDI cell when it should do so but the ATM PVC statistics do increment to indicate that an RDI cell is returned.
Conditions: This symptom is observed when an F5 OAM Segment AIS is transmitted into an interface that has an ATM PVC (either a routed PVC or an l2transport PVC).
Workaround: There is no workaround.
•CSCef85231
Symptoms: When SSO redundancy mode is configured and you enter the no form of the mpls ldp neighbor targeted command to deconfigure a previously configured command, the standby RP may reload. The symptom may also occur when you enter the no form of the mpls ldp neighbor implicit-withdraw command. For example, any of the following command sequences may cause the symptom to occur:
Example 1:
mpls ldp neighbor 10.0.0.1 targeted ldp
...
no mpls ldp neighbor 10.0.0.1 targeted ldp
Example 2:
mpls ldp neighbor 10.0.0.1 targeted ldp
...
no mpls ldp neighbor 10.0.0.1 implicit-withdraw
Conditions: This symptom is observed when the mpls ldp neighbor targeted command is configured and when the Label Distribution Protocol (LDP) is globally disabled. (By default, LDP is globally enabled, but it can be disabled by entering the no mpls ip global configuration command.) The symptom does not occur when other commands are configured for the specific neighbor, for example, if an MD5 password is configured for the neighbor as illustrated in the command sequence below:
no mpls ip
mpls ldp neighbor 10.0.0.1 targeted ldp
mpls ldp neighbor 10.0.0.1 password foo
no mpls ldp neighbor 10.0.0.1 targeted ldp
This symptom occurs in releases that integrate the fix for caveat CSCee12408. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee12408.
Workaround: Configure a password for the neighbor as shown in the Conditions above before you enter the no form of the mpls ldp neighbor targeted command or the no form of the mpls ldp neighbor implicit-withdraw command.
•CSCef85259
Symptoms: Voice call detail records in the history disappear within one minute of being stored, which you can observe in the output of the show call voice history command or in the "call history" report from the CME GUI.
Conditions: This symptom is observed when the number argument of the dial-control-mib retain-timer number command is set to a high value such as two days.
Workaround: Store only one day's worth of calls in the history on the router, or log CDRs via syslog, TACACS, or RADIUS to a separate server.
•CSCef85906
Symptoms: A voice gateway may hang, you may not be able to make a Telnet connection to the gateway, and the gateway may generate error messages and DSP Farm-related tracebacks such as the following:
%SYS-2-LINKED: Bad enqueue of 646B3C38 in queue 63AD2B20
-Process= "DSP Farm Application Manager", ipl= 4, pid= 188
-Traceback= 60F62190 6000E498 604CCEAC 604C8A70 604CB2E0 604CB480 604C8C18 604C9138 604C9A14 61C1E06C 61C1E050
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
%SYS-2-LINKED: Bad enqueue of 646B3C38 in queue 63AD2B20
-Process= "DSP Farm Application Manager", ipl= 4, pid= 188
-Traceback= 60F62190 6000E498 604CCEAC 604C8A70 604CB2E0 604CB480 604C8C18 604C9138 604C9A14 61C1E06C 61C1E050
Conditions: These symptoms are observed when there is continuous traffic on a Cisco 2691, Cisco 3825, and Cisco 3745 that run Cisco IOS Release 12.3(8)T, that function as MGCP voice gateways, and that are configured with several voice T1s and a DSP Farm as a conference resource. The symptoms may also occur in Release 12.3.
Workaround: Reload the gateway.
•CSCef86009
Symptoms: An incorrect cause code (0xD NA) is reported at a terminating Cisco AS5850 when a user is busy.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(10).
Workaround: There is no workaround.
•CSCef88885
Symptoms: When a call is received without ANI information from an IP network and the call is manipulated via a translation rule on the terminating gateway (TGW), the ANI information is not sent in the ISDN connection.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(11)T and that functions as a TGW. The symptom occurs only for calls without ANI information. The symptom may also occur in Release 12.3.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(4)T.
•CSCef89647
Symptoms: A Cisco 7500 series may reload because of a bus error after reporting error messages such as the following ones:
%RSP-3-ERROR: memd write exception, addr 08000000
%RSP-3-ERROR: RSP alignment error on write to QA, addr 08000000
Conditions: This symptom is observed on a Cisco 7500 series that has MLP links configured for Multiprotocol Label Switching (MPLS).
Workaround: There is no workaround.
•CSCef91508
Symptoms: A Cisco router may reload unexpectedly with a bus error exception.
Conditions: This symptom is observed on a Cisco router that runs PPP over Ethernet (PPPoE).
Workaround: There is no workaround.
•CSCef94525
Symptoms: A port adapter that is installed in a VIP or FlexWAN and that is configured with more than 38 multilink bundles may crash.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series when distributed CEF switching is disabled either through entering the no ip cef distributed command or through a FIB-DISABLE event.
Workaround: There is no workaround.
•CSCef96622
Symptoms: An individual PVC in a PVC range becomes stuck and fails to transmit or receive traffic.
Conditions: This symptom is observed when you shut down the individual PVC in the PVC range, you reload the router, and you enter the no shutdown command on the PVC in the PVC range.
Workaround: Enter the no shutdown command on the PVC in the PVC range and reload the router.
•CSCef97768
Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.
Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).
Workaround: There is no workaround.
•CSCeg00012
Symptoms: A Cisco 7200 series reloads while testing PPPoE relay.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(11.7)T.
Workaround: There is no workaround. Although this caveat does not occur in Release 12.3, the fix for this caveat is integrated in interim Release 12.3(12.3) as a precaution.
•CSCeg00085
Symptoms: Multicast-based routing protocol packets are not transmitted over mGRE interfaces. Incoming routing packets are received without a problem.
Conditions: This symptom is observed when DMVPN is configured.
Workaround: Use a unicast-based routing protocol or use static routing.
•CSCeg00481
Symptoms: A router fails to receive the Integrated Local Management Interface (ILMI) prefix from the switch side.
Conditions: This symptom occurs during the initial negotiation of ILMI parameters. The output of the show atm ilmi-status command does not show the configured ILMI prefix.
Workaround: There is no workaround.
•CSCeg02095
Symptoms: A Cisco router may not report its SNMP sysobjID. Instead, the router generates the following tracebacks:
%SNMP-3-BADOID: Attempt to generate an invalid object identifier -Traceback= 611DD8EC 611DD76C 611DD560 61203F90 60EA7238 60EA721C
This situation prevents the router from being identified as a Cisco device, and network management applications are unable to manage the router.
Conditions: This symptom is observed on a Cisco 3660 (CISCO3660-MB-1FE) that runs a telco image.
Workaround: Run an enterprise image, which enables the device to be managed. If this is not an option, there is no workaround.
•CSCeg02791
Symptoms: A router that is configured for QSIG crashes with a SegV exception.
Conditions: This symptom is observed when the "ring again" facility is used on a PBX that is connected to the router.
Workaround: There is no workaround.
•CSCeg03153
Symptoms: The ifAdminStatus MIB shows that subinterfaces are up when the main interface is shut down. This situation prevents SNMP from monitoring the proper status of the subinterfaces.
Conditions: This symptom is observed when an ATM main interface is shut down but its subinterfaces are not.
Workaround: Do not use the ifAdminStatus MIB. Rather, use the ifOperStatus MIB.
Further Problem Description: The fix for this caveat ensures that when the main interface is shut down, the ifAdminStatus MIB does show that the subinterfaces are down too, whether or not the individual subinterfaces have been shut down.
•CSCeg03733
Symptoms: A router may reload because of a memory corruption when you query via getmany or getbulk the entire ciscoCBQosMIB (1.3.6.1.4.1.9.9.166) or when you poll the cbQosQueueingStatsTable or cbQosPoliceStatsTable.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-jsv-mz image of Cisco IOS interim Release 12.3(11.4) when the following tables in the CBQOSMIB are polled:
–getREDClassStats
–getTSStatsEntry
–getQueueingStatsEntry
–getPoliceStatsEntry
The symptom does not occur on other platforms.
Workaround: Do not query the entire ciscoCBQosMIB and do not poll the cbQosQueueingStatsTable or cbQosPoliceStatsTable.
•CSCeg03755
Symptoms: A Cisco AS5850 may not forward traffic through a GRE tunnel.
Conditions: This symptom is observed on a Cisco 1604 that is configured for MLP and that connects to a Cisco AS5850 through a GRE tunnel over an ISDN connection.
Workaround: Disable MLP on the Cisco 1604.
•CSCeg06423
Symptoms: Accounting packets have an incorrect value in the tx bytes and rx bytes fields.
Conditions: This symptom is observed when PPPoA multilink is configured.
Workaround: There is no workaround.
Further Problem Description: For this caveat to be properly resolved, both the fix for CSCeg06423 and the fix for CSCeg40507 are required.
•CSCeg07280
Symptoms: A router may crash when a PROTOS test-suite for SIP is running.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS interim Release 12.3(11.7)T but may be platform-independent.
Workaround: There is no workaround.
•CSCeg09274
Symptoms: The line protocol of a serial interface of a PA-E3 may go down, and the output of the show interfaces serial slot/port command shows that the output queue is wedged (Output queue: 40/40) and that output drops increase.
Conditions: This symptom is observed on a Cisco 7204VXR that is equipped with a PA-E3 when a Fast Ethernet interface is either shut down or disconnected and when the router is configured in the following way:
–The encapsulation frame-relay, frame-relay traffic-shaping, and tx-ring-limit ring-limit commands are enabled on the serial interface of the PA-E3.
–Multiple point-to-point subinterfaces with different Frame Relay Traffic Shaping (FRTS) parameters are applied on each of the subinterfaces, and Class Based Weighted Fair Queueing (CBWFQ) is applied on some of the subinterfaces.
Workaround: Either enter the shutdown command followed by no shutdown command on the serial interface of the PA-E3 or enter the clear interface serial slot/port command on the serial interface of the PA-E3.
•CSCeg11398
Symptoms: Mute calls may occur on a Cisco MGCP gateway. The output of the show mgcp connection command shows that the Connection Mode for the originating endpoint remains in a loopback (M=5) after answering the call:
Endpoint Call_ID(C) Conn_ID(I) (P)ort (M)ode ...
1. S7/DS1-0/31 C=3E,315,313 I=0x81 P=0,0 M=3 ...
2. S7/DS1-1/31 C=3E,313,315 I=0x80 P=0,0 M=5 ...
Conditions: This symptom is observed for a hairpin call with COT that is requested on the originating call leg from the PSTN side.
Workaround: Disable COT on the PSTN side.
•CSCeg12497
Symptoms: A Cisco 7200 series that is configured with an NPE-200 and PA-A3 ATM port adapters may reload unexpectedly and fail to boot.
Conditions: This symptom is observed when the PA-A3 ATM port adapters are placed in the higher slots of the router with other high-bandwidth port adapters in between.
Workaround: Place the PA-A3 ATM port adapters in the lower slots (slots 1 and 2) of the router.
Alternate Workaround: Use an NPE-300 or later NPE.
•CSCeg12649
Symptoms: On a Cisco router that functions as an egress PE router in an MPLS VPN network, after the customer-facing line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP request) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. You can recover from the symptom by manually pinging the interface of the CE router from the adjacent PE router.
Workaround: Configure static ARP entries for the next hop router in the static recursive routes.
•CSCeg12719
Symptoms: A memory leak may occur in the VTSP process on a Cisco 3660. However, calls go through.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(10) and that is configured with an ISDN BRI and for VoIP.
Workaround: There is no workaround.
•CSCeg14303
Symptoms: PPP SSG users are not able to access auto services. The users are not able to log in to the service from SESM. The output of the show ssg host ip-address command indicates that there are overlapping users with the same IP address on multiple interfaces.
Conditions: This symptom is observed when PPP users log in and have the ssg port-map enable command configured.
Workaround: Ensure that the PPP users remove the ssg port-map enable command from their configuration.
•CSCeg15278
Symptoms: A memory leak may occur in the CCH323_CT process on a Cisco AS5300.
Conditions: This symptom is observed when the Cisco AS5300 is configured for H.323.
Workaround: There is no workaround.
•CSCeg15422
Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:
%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)
%SYS-2-GETBUF Bad getbuffer, bytes= 42565 -Process= "Crypto HW Proc", ipl= 0, pid= 87 -Traceback= hex numbers
or
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying. SYS-2-GETBUF tracebacks are seen if Encapsulating Security Payload (ESP) wide-key Advanced Encryption Standard (AES) 192 or 256 is configured.
Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.
Alternate Workaround 1: If AES 192 or 256 is configured, use ESP AES 128-bit keys.
Alternate Workaround 2: If AES 192 or 256 is configured, use a Data Encryption Standard (DES) transform instead.
•CSCeg15831
Symptoms: DSPWare may be downloaded continuously, eventually causing a memory leak.
Conditions: This symptom is observed very rarely on a Cisco router that runs Cisco IOS Release 12.3, Release 12.3(7)T, or a later 12.3T release and that is configured with an NM-HDV when you download DSPWare to recover a DSP.
Workaround: There is no workaround.
•CSCeg16622
Symptoms: A Cisco router that is configured for SNASw may reload because of a bus error.
Conditions: This symptom is observed when the downstream port is configured for VDLC (DLSw). The problem is more likely to happen in a large, busy SNASw environment.
Workaround: There is no workaround.
Further Problem Description: This issue is platform independent.
•CSCeg17239
Symptoms: A router crashes when you enter the audio-prompt load command.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3, 12.3(11)T, or 12.3(11)XL and that is configured for interactive voice response (IVR).
Workaround: There is no workaround.
•CSCeg19191
Symptoms: The memory that is consumed by a tag adjacency is not released.
Conditions: This symptom is observed on a Cisco router that functions as an ASBR when the following conditions are present:
–The ASBR is configured for MP-eBGP peering to another ASBR and has the no bgp default route-target filter command enabled.
–The ASBR has VPNv4 direct forwarding entries.
–The interface to the BGP nexthop of the VPNv4 prefix goes down.
Workaround: There is no workaround.
•CSCeg19298
Symptoms: A router may crash when you enter the show running-config command.
Conditions: This symptom is observed when a bundle is configured on an ATM interface and when you enter the show running-config command after you have entered the no protocol protocol-address command for the bundle.
Workaround: There is no workaround.
•CSCeg20327
Symptoms: A router that is configured to terminate ISAKMP IPSec tunnels may crash with a bus error.
Conditions: This symptom is observed when NAT-T and accounting are performed in main mode. The symptom occurs only when the clients are located behind a NAT device and when the two ISAKMP peers detect the NAT device.
Workaround: Disable accounting or use aggressive mode.
•CSCeg24557
Symptoms: An NM-1T3/E3 network module sends an all 1s (ones) pattern when the clear channel T3 interface is shut down. This situation causes a remote framer to report an AIS and the remote end to send a RAI. The end result is that the link does not come up when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T3 interface of the NM-1T3/E3 network module.
Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(9).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface at the remote end.
•CSCeg25510
Symptoms: A router crashes while downloading a file using the CNS Image Agent. This situation may be related to memory corruption or memory exhaustion.
Conditions: This symptom is observed infrequently after the router has run for a long time. One of the situations in which the symptom occurs is when you attempt to download an image file that does not exist on a TFTP server.
Workaround: There is no workaround.
•CSCeg27467
Symptoms: A Cisco platform that runs Cisco IOS Release 12.3(10) and that functions as a gatekeeper in an SS7 interconnect configuration may reject calls.
Conditions: This symptom is observed when the following conditions are present:
–The voice gateway is configured with trunk groups and has the Resource Availability Indicator (RAI) threshold enabled.
–When the high threshold value is reached, the voice gateway sends a RAI message with the AlmostOutOfResources field set to "TRUE" to the gatekeeper.
From this point on, the gatekeeper rejects new calls with an Admission Rejection (ARJ) message that indicates that the call capacity of the voice gateway is exceeded.
Workaround: Do not configure Trunk Group and RAI together. If this is not an option, there is no workaround.
•CSCeg28681
Symptoms: A Cisco 2821 that runs an IVR TCL 2.0 script to play audio or music on incoming calls on a POTS leg may cause audio stuttering, cutoffs, looping, breakups, or a combination of these problems, causing menu options in a VXML script to be lost.
Conditions: This symptom is observed when more than five concurrent calls listen to the audio or music stream. When an additional call occurs, the audio may start to break up, may stop completely, or may loop or stutter. The symptom occurs irrespective of whether the script and audio files are loaded from TFTP or from flash memory.
Workaround: There is no workaround.
•CSCeg29995
Symptoms: A router crashes when you create an IPv6 static neighbor entry that replaces an incomplete ND cache entry and when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command multiple times on the interface that connects to the neighbor.
Conditions: This symptom is observed when the following events occur:
1. The router receives and attempts to forward packets to a non-responding IPv6 neighbor, causing the router's ND cache entry for the IPv6 neighbor to be in the incomplete (INCMPL) state.
2. You create a static neighbor entry by entering the ipv6 neighbor command for the same (non-responding) neighbor.
3. You enter the shutdown interface configuration command followed by the no shutdown interface configuration command multiple times on the interface on which the static neighbor entry is defined, or the interface is shut down and the static neighbor is deleted.
Workaround: Ensure that the IPv6 static neighbor is manually created before the processing of traffic causes an incomplete ND cache entry to be created for the same neighbor.
•CSCeg30170
Symptoms: When you perform a stress test on a Cisco 7200 series that processes H.323 voice calls, the following error message and traceback may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6241A498 reading 0x94
%ALIGN-3-TRACE: -Traceback= 6241A498 6241C788 623EB0F8 623ED694 00000000 00000000 00000000 00000000
Conditions: This symptom is observed when you make approximately 40 calls per second and when the directory gatekeeper (DGK) loader constantly sends LRQs to the DGKs to query a route server to obtain routes. Note, however, that the router continues to process calls normally.
Workaround: There is no workaround.
•CSCeg30191
Symptoms: There is no ringback when a router sends a "PROC_REQ" message to the ISDN leg instead of an Alerting message to the VoIP leg.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(10).
Workaround: There is no workaround.
•CSCeg34976
Symptoms: A Cisco platform reloads unexpectedly when you remove and reconfigure the pri-group timeslots command on a controller.
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCeg36800
Symptoms: After an SSO switchover occurs, RSA keys are lost on a Cisco Catalyst 4500. You must regenerate the RSA keys by entering the crypto key generate rsa command.
Conditions: This symptom is observed on a Cisco Catalyst 4500 that runs Cisco IOS Release 12.2(20)EWA and that is configured for SSO. Note that the symptom does not occur when RPR instead of SSO is configured.
Workaround: Do not configure SSO. Rather, configure RPR.
Further Problem Description: Although Release 12.3 does not support the Cisco Catalyst 4500, the fix is integrated in Release 12.3: the fix involves adding a new redundancy checkpoint client, which entails reserving the new checkpoint client ID in Release 12.3 to avoid the possibility of future collisions.
•CSCeg37050
Symptoms: ATM cells may be sent to the wrong PVC even though a debug command shows that the ATM cells are sent to the correct PVC.
Conditions: This symptom is observed on a Cisco IAD2430, Cisco 2600 series, and Cisco MC3810 that use software SAR when there are multiple PPP sessions on multiple PVCs. The symptom does not occur when there is a single PVC or PPP session on the router.
Workaround: There is no workaround.
•CSCeg40907
Symptoms: A platform on which active voice calls are managed through SNMP may reload unexpectedly.
Conditions: This symptom is observed when the DS0 status (cpmDS0BusyoutAdminStatus) is changed from busyout to nobusyout through SNMP.
Workaround: Use the CLI to change the DS0 status from busyout to nobusyout or the other way around.
•CSCeg41277
Symptoms: About 50 percent of the IPv6 Cisco Express Forwarding (CEF) packets that are switched are lost.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10a) and that performs IPv6 CEF switching only when the router has the no ip redirects command enabled and when the router receives packets on a Fast Ethernet interface (or another non point-to-point interface) and forwards the packets from the same interface to another router.
The symptom does not occur when the router forwards the packets from another interface than the one on which the packets are received.
Workaround: With IPv6 CEF enabled, enter the ip redirects command (which is normally enabled by default).
Alternate Workaround: Disable IPv6 CEF globally by entering the no ipv6 cef command.
•CSCeg41323
Symptoms: A router reloads when you configure a service policy.
Conditions: This symptom is observed when you attach a service policy to an interface and you change the interface bandwidth to a low value.
Workaround: Ensure that the changed interface bandwidth does not violate the bandwidth range or detach the service policy before you change the interface bandwidth.
•CSCeg41892
Symptoms: When CP tone NL and caller ID are configured and when a caller ID is sent by the call agent, a DSP may time out or crash.
Conditions: This symptom is observed on a Cisco platform that is configured for MGCP and that runs Cisco IOS Release 12.3(8)T5 or Release 12.3(11)T2.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(7)T4.
•CSCeg43753
Symptoms: A router that is configured for RIP and BGP may crash with the following error messages:
System returned to ROM by bus error at PC 0x0, address 0x0
The crashinfo reports the following:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
Unexpected exception, CPU signal 10, PC = 0x0
-Traceback= 0 60BBD828 60BAC93C 60BAD790 61FE44C0 60BAD834 60B7C138
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9b) and that is configured for MPLS VPN when RIP is partially configured without a network statement and when BGP is redistributed into RIP.
Workaround: Ensure that RIP is configured correctly.
•CSCeg43902
Symptoms: A Cisco AS5350 crashes when it receives and processes a fax from a third-party vendor mail client.
Conditions: This symptom is observed on a Cisco AS5350 that is configured for T.37 offramp fax.
Workaround: Use another mail client.
•CSCeg44218
Symptoms: A Cisco 3600 series that functions as a voice gateway may crash, and (some of) the following error messages may be generated:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel number>
%HPI-3-CODEC_NOT_LOADED: channel: <channel number>
TSP PRI: tsp_cdb not found
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = VTSP.
Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.3(10) or 12.3(10a) but may not be platform-specific.
Workaround: There is no workaround.
•CSCeg45308
Symptoms: When multiple Cisco 7200 series routers are configured for MPLS in an SRP ring and when side B of one of the SRP interfaces becomes wrapped, packets that are switched are dropped. However, host-generated packets do go through.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9b) and that is configured with a PA-SRP-OC12SMX port adapter.
Workaround: Disable MPLS on the interface that has side B wrapped.
•CSCeg46753
Symptoms: MPLS VPN may fail on a PE router that is configured for IPSec and that uses fast-switching or process-switching.
Conditions: This symptom is observed on a Cisco 7206 and Cisco 7301 that function as PE routers and that run Cisco IOS Release 12.3(12.5). The symptom could also occur on other platforms.
Workaround: Do not use fast-switching or process-switching. Rather, use CEF switching.
•CSCeg48196
Symptoms: A router may crash while completing an IKE Phase 2 exchange.
Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when a peer sends a malformed IKE packet during quick mode negotiation.
Workaround: There is no workaround.
•CSCeg49963
Symptoms: A router crashes when you attempt to download an image or inventory request by using the CNS Image Agent. The traceback shows that memory corruption occurs.
Conditions: This symptom is observed only when you use the CNS Image Agent to download a file.
Workaround: Configure the Image Server to provide account details (that is, a user ID and password) that enable the Image Agent to validate the server. If new account details are created in such a way that the length of the combined user ID and password differs from that of the existing user ID and password, the symptom may not occur.
•CSCeg50978
Symptoms: A Cisco 2420 that is configured with a PRI interface enters a boot loop at startup.
Conditions: This symptom is observed on a Cisco 2420 that runs Cisco IOS Release 12.3(12). The symptom does not occur in Release 12.3(9), nor does the symptom occur when the Cisco 2420 is configured with a T1 CAS interface.
Workaround: There is no workaround.
•CSCeg53963
Symptoms: You cannot make voice calls from a Cisco uBR900 series.
Conditions: This symptom is observed on a Cisco uBR900 series that is configured for IRB and BVI and occurs for any codec.
Workaround: Configure the modem to operate in routing mode.
•CSCeg55523
Symptoms: A memory leak may occur in the ATM Auto-VC creation process.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for dynamic bandwidth selection (DBS) but may also occur on other platforms.
Workaround: There is no workaround.
•CSCeg56219
Symptoms: When a remote initiator sends a nonce with a length shorter than 8 bytes (or a zero-length nonce) in main mode or aggressive mode, a Cisco platform accepts the nonce and continues the negotiation, which is not RFC-compliant. RFC 2409 states that the nonce length must be between 8 and 256 bytes.
Conditions: This symptom is observed on a Cisco platform that is configured for IPSEC ISAKMP.
Workaround: There is no workaround.
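The following Python check is added here as an illustration of the rule this caveat describes; it is not part of the original release note and not Cisco IOS code. It walks the ISAKMP payload chain of a main-mode or aggressive-mode message (header and generic payload layout per RFC 2408), refuses any length field that does not fit the buffer, and rejects a Nonce payload whose data is shorter than 8 bytes (including zero length) or longer than 256 bytes, as RFC 2409 requires. The build_msg helper, the cookie values and the sample payloads are constructed for the example.

```python
import struct

# Layout per RFC 2408: 28-byte ISAKMP header, then a chain of payloads that each
# start with a 4-byte generic header (next payload, reserved, payload length).
ISAKMP_HDR_LEN = 28
PAYLOAD_HDR_LEN = 4
PAYLOAD_KE = 4                 # Key Exchange payload type
PAYLOAD_NONCE = 10             # Nonce payload type
NONCE_MIN, NONCE_MAX = 8, 256  # RFC 2409 section 5: bounds on the nonce data length


def iter_payloads(msg):
    """Yield (payload_type, payload_data) for every payload in an ISAKMP message.

    Raises ValueError on any length inconsistency instead of reading past the
    buffer, which is what a responder must do before it trusts any field.
    """
    if len(msg) < ISAKMP_HDR_LEN:
        raise ValueError("ISAKMP header truncated")
    next_payload = msg[16]
    (total_len,) = struct.unpack("!I", msg[24:28])
    if total_len != len(msg):
        raise ValueError("header length %d does not match %d bytes received" % (total_len, len(msg)))
    off = ISAKMP_HDR_LEN
    while next_payload != 0:
        if off + PAYLOAD_HDR_LEN > len(msg):
            raise ValueError("payload header truncated at offset %d" % off)
        following, _reserved, plen = struct.unpack("!BBH", msg[off:off + PAYLOAD_HDR_LEN])
        if plen < PAYLOAD_HDR_LEN or off + plen > len(msg):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        yield next_payload, msg[off + PAYLOAD_HDR_LEN:off + plen]
        next_payload, off = following, off + plen
    if off != len(msg):
        raise ValueError("%d trailing bytes after last payload" % (len(msg) - off))


def nonce_is_valid(msg):
    """True only if the message carries a Nonce payload and every Nonce payload has RFC 2409 length."""
    nonces = [data for ptype, data in iter_payloads(msg) if ptype == PAYLOAD_NONCE]
    if not nonces:
        return False
    return all(NONCE_MIN <= len(n) <= NONCE_MAX for n in nonces)


def build_msg(payloads, exchange_type=2):
    """Construct a wire-format ISAKMP message from [(type, data), ...]; sample builder for this example only."""
    types = [ptype for ptype, _ in payloads] + [0]   # 0 = no next payload
    body = b"".join(
        struct.pack("!BBH", types[i + 1], 0, PAYLOAD_HDR_LEN + len(data)) + data
        for i, (_, data) in enumerate(payloads))
    header = (b"\x11" * 8 + b"\x22" * 8                       # initiator / responder cookies (constructed)
              + bytes([types[0], 0x10, exchange_type, 0])     # next payload, version 1.0, exchange type, flags
              + struct.pack("!II", 0, ISAKMP_HDR_LEN + len(body)))  # message ID, total length
    return header + body


if __name__ == "__main__":
    ok = build_msg([(PAYLOAD_KE, b"K" * 128), (PAYLOAD_NONCE, b"N" * 20)])
    short = build_msg([(PAYLOAD_KE, b"K" * 128), (PAYLOAD_NONCE, b"N" * 4)])
    empty = build_msg([(PAYLOAD_NONCE, b"")])
    print(nonce_is_valid(ok), nonce_is_valid(short), nonce_is_valid(empty))  # True False False
```

The length checks in iter_payloads come first on purpose: a peer that can get a short or zero-length nonce accepted can usually also send a payload length that overruns the message, and the RFC bound is only meaningful once the payload boundaries themselves have been verified.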
•CSCeg56239
Symptoms: A Versatile Interface Processor (VIP) that is configured for IP Header Compression (IPHC) may reload unexpectedly because of an invalid memory access.
Conditions: This symptom is observed when one of the following sequences of commands is entered on an HDLC or Frame Relay interface:
ip tcp header-compression
ip rtp header-compression
no ip tcp header-compression
or
ip rtp header-compression
ip tcp header-compression
no ip rtp header-compression
The VIP may not crash immediately; the crash may occur hours, days, or weeks later.
Workaround: If you disable TCP header compression, re-enable RTP header compression (or the other way around), as in the following example:
ip tcp header-compression
ip rtp header-compression
no ip tcp header-compression
ip rtp header-compression
•CSCeg57594
Symptoms: Distributed cRTP does not function with a PA-MC8TE1+ port adapter.
Conditions: This symptom is observed on a Cisco 7500 series that has a PA-MC8TE1+ port adapter installed that is configured for Frame Relay encapsulation.
Workaround: Use process-switching if scalability permits.
•CSCeg62088
Symptoms: A Cisco voice gateway may reload unexpectedly because of a bus error, pointing to an invalid address.
Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that run Cisco IOS interim Release 12.3(12.5).
Workaround: There is no workaround.
•CSCeg62652
Symptoms: When tunnel protection is enabled and when the IPSec secure socket is deleted, a router may crash in the managed timers.
Conditions: This symptom is observed when you remove tunnel protection from an interface. Other scenarios that would cause a IPSec secure socket to be torn down (for example, when a particular tunnel instance within an mGRE tunnel goes away) may also cause the symptom to occur.
Workaround: There is no workaround.
Further problem description: CSCsa42726 introduced a regression that causes a router to crash when you disable tunnel protection. It is likely that the crash also occurs in other instances in which the IPSec secure socket is torn down.
•CSCeg63430
Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5850. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.
Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:
Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI-- PSTN--Transferee
Workaround: Enable MTP on the Cisco CallManager.
Further Problem Description: Although the symptom is not observed in Release 12.3, the fix is included in Release 12.3 as a precaution.
•CSCeg73146
Symptoms: The input gain voice-port configuration command does not adjust the input gain level and the output attenuation voice-port configuration command does not adjust the output attenuation level.
Conditions: This symptom is observed on a Cisco router that functions as a voice gateway.
Workaround: There is no workaround.
•CSCeg79821
Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.
Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).
Workaround: There is no workaround.
•CSCeh01182
Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.
Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.
Workaround: There is no workaround. However, this is a limitation of voice gateways that use VXML applications: such platforms support only T.37.
Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.
•CSCin40363
Symptoms: A Cisco platform may reload when you enter the no tag-switching mtu interface configuration command.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series, Cisco 7600 series, and Cisco Catalyst 8540 MSR.
Workaround: There is no workaround. Note that the fix for this caveat is generic in nature and also applies to platforms other than the ones stated in the conditions.
•CSCin65637
Symptoms: Latency is higher when priority queueing is configured for an interface of a 2-port Packet-over-SONET OC-3c/STM-1 port adapter (PA-POS-2OC3). Latency is higher even for priority packets.
Conditions: This symptom is observed when the data rate exceeds the OC-3 line rate and may occur on all types of VIPS on a Cisco 7500 series and on a Cisco 7200 series that is configured with an NPE-300, NPE-400, or NSE-1. The symptom does not occur on a Cisco 7200 series that is configured with an NPE-G1.
Workaround: To prevent the data rate from exceeding the OC-3 line rate, configure traffic shaping. This also brings the latency for priority packet to tolerable limits.
•CSCin84298
Symptoms: The ISAKMP profile that is set in the crypto IPSec profile is not effective. The ISAKMP profile is ignored during the phase-2 negotiation, causing the connection to succeed when it should fail. The crypto map instance that is created does not show the ISAKMP profile.
Conditions: These symptoms are observed when an ISAKMP profile is created in such a way that a connection does not map to it.
Workaround: There is no workaround.
•CSCin84607
Symptoms: A terminating gateway may crash on receiving CIC information in the setup message.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.8) and that functions as a terminating gateway.
Workaround: There is no workaround.
•CSCin85529
Symptoms: SSG crashes and generates tracebacks when you attempt to bring up a PPPoE session.
Conditions: This symptom is observed on an SSG platform that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when PPPoE is configured on the SSG platform and on the client.
Workaround: There is no workaround.
•CSCin85579
Symptoms: A Cisco 3660 may crash because of an illegal memory access error during the configuring or deconfiguring of an ATM IMA group.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.7) and that is configured with an ATM Advanced Integration Module (AIM).
Workaround: There is no workaround.
•CSCin86002
Symptoms: The bandwidth of an IMA group interface may be less than the combined bandwidth of its active member links that are up and operational.
Conditions: This symptom is observed on an IMA group interface of a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter that is installed in a Cisco 7xxx platform when the IMA group interface has more than one member link. The symptom occurs when you enter the shutdown interface configuration command quickly followed by the no shutdown interface configuration command on a member link (that is, the command sequence takes less than two seconds). When the member link comes up, the bandwidth of the IMA group interface is not increased.
Workaround: There is no workaround.
•CSCin86096
Symptoms: Classification matching on an IPv6 access control list fails.
Conditions: This symptom is observed on a distributed Cisco platform such as a Cisco 7500 series that has an MQC policy map.
Workaround: There is no workaround.
•CSCin86246
Symptoms: Backup calls are not initiated after you reload the router.
Conditions: This symptom is observed on a Cisco 2800 series that is configured for QoS. When the dialer interface is a designated backup interface and you reload the router, the dialer interface does not enter backup mode even though the primary interface is down.
Workaround: After you have reloaded the router, enter the shutdown command followed by the no shutdown command on the dialer interface.
•CSCsa39275
Symptoms: A router does not properly support the CISCO-POP-MGMT-MIB in voice mode. If a DS0 is busied out for voice traffic, the CISCO-POP-MGMT-MIB does not generate any traps to alarm network managers.
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3745 that function in voice mode only. None of these routers provide the correct DS0 busyout information in cpmDS0BusyoutStatus (see CSCef59623), preventing cpmDS0BusyoutNotification traps from being sent.
Workaround: There is no workaround.
•CSCsa39707
Symptoms: A Cisco router that is configured as a DHCP server may unexpectedly reload upon receiving a DHCP INFORM message on an unnumbered interface.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.9) or a later release.
Workaround: Disable the DHCP server by removing the DHCP pool configuration or by entering the no service dhcp command. Note that entering the no service dhcp command disables both the DHCP server and the relay functionality on the router.
•CSCsa41203
Symptoms: After booting, a router that is configured for voice may generate the following CPUHOG message:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (38/0),process = VNM DSPRM MAIN.
Conditions: This symptom is observed on a Cisco router that is configured with multiple voice modules and an AIM-VOICE module. The modules may function properly after the CPUHOG message.
Workaround: There is no workaround.
•CSCsa41234
Symptoms: The CiscoWorks RME (CW2K-RME) import device function fails.
Conditions: This symptom is observed on a Cisco 7206 that runs Cisco IOS Release 12.3(9a) when an SNMP MIB corruption occurs.
Workaround: There is no workaround.
•CSCsa41747
Symptoms: A Cisco AS5300 that handles SIP voice calls may reload because of an address error.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for symmetric NAT and that is used to handle calls from the PSTN and forward them to a SIP network.
Workaround: There is no workaround.
•CSCsa43492
Symptoms: Packets are not switched out of a point-to-point GRE (p-pGRE) tunnel.
Conditions: This symptom is observed intermittently when CEF switching is configured, when traffic is forwarded out a GRE tunnel interface, and when the tunnel packets are then forwarded out a BRI interface. Configuring compression (the compress stac command) on the BRI interface greatly increases how quickly the input queue becomes wedged.
Temporary Workaround: Increase the input queue size on the GRE tunnel interface by entering the hold-queue size in command. However, doing so may only work temporarily and the router must be reloaded to clear the input queue.
Further Problem Description: The GRE tunnel interface input queue becomes wedged, but there are no packets in the input queue. Enter the show interfaces tunnel number command to verify if the symptom is occurring. If the input queue looks like the following output with the size larger than or equal to the maximum size and drops increasing, the symptom is occurring:
Input queue: 76/75/1234/0 (size/max/drops/flushes)
You can also check if there are any packets in the input queue by entering the show buffers input-interface interface-type interface-number command.
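A small detection script for the wedge described above, added here as an example; it is not part of the original release note and not a Cisco tool. It parses the Input queue line of show interfaces output for every interface in the text (a generalization of the single-interface check the note describes) and reports interfaces whose queue size is at or above its maximum while the drop counter still rises between two samples, which is the signature the note gives. The two snapshots below are constructed sample output.

```python
import re

# Each interface block of 'show interfaces' opens with "<name> is <state>, line protocol is ..."
IFACE_RE = re.compile(r"^(?P<name>\S+) is (?:up|down|administratively down), line protocol is", re.M)
INPUT_QUEUE_RE = re.compile(
    r"Input queue:\s*(?P<size>\d+)/(?P<max>\d+)/(?P<drops>\d+)/(?P<flushes>\d+)")


def parse_input_queues(show_output):
    """Map interface name -> {size, max, drops, flushes} from 'show interfaces' text."""
    queues = {}
    headers = list(IFACE_RE.finditer(show_output))
    for i, hdr in enumerate(headers):
        # Search only within this interface's block so a queue line is never attributed to a neighbour.
        end = headers[i + 1].start() if i + 1 < len(headers) else len(show_output)
        m = INPUT_QUEUE_RE.search(show_output, hdr.end(), end)
        if m:
            queues[hdr.group("name")] = {k: int(v) for k, v in m.groupdict().items()}
    return queues


def wedged_interfaces(before, after):
    """Interfaces whose input queue is full (size >= max) and whose drop counter rose between two samples.

    A full queue on its own can be a transient burst; the caveat's signature is a
    queue that stays full while drops keep climbing, so both samples are needed.
    """
    return sorted(
        name for name, q in after.items()
        if name in before and q["size"] >= q["max"] and q["drops"] > before[name]["drops"])


# Two constructed samples of 'show interfaces' output taken some time apart.
SNAPSHOT_T0 = """\
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Input queue: 76/75/1200/0 (size/max/drops/flushes); Total output drops: 0
BRI0 is up, line protocol is up (spoofing)
  Hardware is BRI
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""
SNAPSHOT_T1 = """\
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Input queue: 76/75/1234/0 (size/max/drops/flushes); Total output drops: 0
BRI0 is up, line protocol is up (spoofing)
  Hardware is BRI
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

if __name__ == "__main__":
    print(wedged_interfaces(parse_input_queues(SNAPSHOT_T0), parse_input_queues(SNAPSHOT_T1)))  # ['Tunnel0']
```

Because the wedged queue holds no packets, a single reading cannot distinguish this caveat from a genuine backlog; comparing two readings and requiring the drop counter to move is what separates the two. The show buffers input-interface check the note mentions remains the confirming step.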
•CSCsa44421
Symptoms: A router that uses label switch controlled virtual circuits (LVCs) or switched virtual circuits (SVCs) generates multiple spurious memory accesses, as indicated by log entries similar to the following:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60104608 reading 0x1F8
%ALIGN-3-TRACE: -Traceback= 60104608 6110286C 61100F1C 61101034 61043628 6100CD3C 61004B64 61006270
Conditions: This symptom is observed when LVCs or SVCs are created. In the case of LVCs, spurious memory accesses occur on the router that has a label-controlled ATM (LC-ATM) interface and that functions as an LSC or a LER.
Workaround: There is no workaround.
•CSCsa44677
Symptoms: A label switch controller (LSC) is unable to clean up a dangling cross-connection in a VSI slave such as a PXM-45.
Conditions: This symptom is observed on a Cisco MGX when there is a dangling connection in a VSI Slave.
Workaround: There is no workaround.
Further Problem Description: The support for extended NAKs was added as an enhancement via CSCee27238 to Cisco IOS interim Release 12.3(10.1)T and interim Release 12.3(10.1)a. Because of CSCsa44677, the same symptoms and conditions that were documented for CSCee27238 do still apply on a Cisco MGX when controller cards and/or line cards switch over:
An extended TAG interface (XTagATM) can remain down and does not recover. Entering the clear interface command from the label switch controller (LSC) for the XTagATM interface, or switching to a redundant MGX line card (AXSM or RPM-XF) that has the switchredcd command enabled, or switching the MGX controller cards that have the switchcc command enabled does not recover the XTagATM interface.
When the problem occurs, an error message similar to the following one is generated:
%VSI_M-2-XCONNFAIL: Cross-connect 12.1/0/631 <-> 4:1.5:5/0/32 failed unexpectedly
The output of the debug vsi errors command on the LSC shows that the control-VC connection commit is acknowledged with a cause code of 12 because there is a dangling connection in the PXM-45.
•CSCsa45302
Symptoms: A Cisco 3660 gateway may crash when a voice call is made.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.
Workaround: There is no workaround.
•CSCsa45312
Symptoms: A router that is configured as a DHCP ODAP client may crash because of a bus error.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.3(11)T.
Workaround: There is no workaround.
•CSCsa45418
Symptoms: A service policy may be removed when the bandwidth for the classes is configured in percentages and you change any interface-related bandwidth parameter.
Conditions: This symptom is observed on a Cisco 7200 series and lower-end routers.
Workaround: There is no workaround. You must re-apply the service policy to the interface.
•CSCsa45740
Symptoms: The upgrade rom-monitor command will not operate properly.
Conditions: This symptom is observed on the Cisco 3725, Cisco 3631, and Cisco 2691 platforms.
Workaround: Use the Cisco IOS image which does not contain the commit change for CSCed90859, for example, Cisco IOS Release 12.3(6). Once the ROMmon upgrade is successful, the user may resume using any Cisco IOS image, including one which contains this issue.
•CSCsa46154
Symptoms: A Route Processor (RP) failover occurs.
Conditions: This symptom occurs when you enter the show route-map command in one session and remove several route maps in rapid succession in another session.
Workaround: Do not enter the show route-map command when you remove route maps in a concurrent vty session.
•CSCsa46334
Symptoms: A Cisco AS5xxx platform may reload unexpectedly with a bus error when you enter the show nextport session tty 4860 command.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3 or Release 12.3(11)T2 but may also occur on other AS5xxx platforms.
Workaround: Do not use invalid TTY lines (such as 4860) in the show nextport session tty command.
•CSCsa46707
Symptoms: An SA-VAM2 stops processing all packets.
Conditions: This symptom is observed sporadically on a Cisco 7200 series that is configured with an NPE-G1 when the SA-VAM2 is configured for AES 192 or AES 256.
Workaround: Reset the SA-VAM2 by entering the no crypto engine accelerator command followed by the crypto engine accelerator command. If the symptom persists, disable the SA-VAM2 by entering the no crypto engine accelerator command. Doing so causes the router to switch to software encryption.
•CSCsa46834
Symptoms: When there is a failure between two IPSec peers, DPD can detect that the communication fails. When there are multiple phase 2 SAs and DPD fails, phase 1 SAs are deleted, but only one phase 2 SA is deleted. This is improper behavior: all phase 2 SAs should be deleted.
Conditions: This symptom is observed on a Cisco router that is configured for IPSec ISAKMP when there are multiple ACEs in a dynamic crypto ACL, causing multiple phase 2 SAs to be generated.
Workaround: Enter the clear crypto sa command.
Further Problem Description: If Reverse Route Injection is also configured, the corresponding route is not deleted.
•CSCuk53957
Symptoms: A router that is configured for IPv6 does not remove routes that are associated with an interface that is removed via online insertion and removal (OIR).
Conditions: This symptom is observed when the IPv6 routes are installed on the interface via a CLI command or are learned via a routing protocol. The symptom may occur on any platform that supports OIR and that runs Cisco IOS Release 12.2S, 12.3, or 12.3T.
Workaround: Before you perform an OIR, shut down the interface.
TCP/IP Host-Mode Services
•CSCeg20351
Symptoms: An RR is unable to negotiate the optimal MSS with their MP-BGP neighbors.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(28)S1, that functions as an RR, and that has Path MTU Discovery (PMTUD) enabled. The symptom may also occur in other releases.
Workaround: There is no workaround.
Wide-Area Networking
•CSCdv28534
Symptoms: Dialer interfaces may report no SNMP counter increments and the ISDN channel may drop.
Conditions: This symptom is observed when MLP is configured on dialer interfaces on a Cisco router that runs a Cisco IOS release earlier than Release 12.1. Note that the dialer interface statistics increment correctly in Release 12.1.
Workaround: There is no workaround. The fix for this caveat will be applied to Release 12.2 and Release 12.3.
•CSCeb55704
Symptoms: The backup interface command in the startup configuration is removed from the running configuration after a router has reloaded.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.2(12.2)T1, a later 12.2T release, or Release 12.3 when an interface that has the physical-layer async command enabled is configured as a backup interface, when the primary interface is listed before the backup interface in the startup configuration, and when the router is reloaded after you have saved the configuration. Note, however, that the backup interface command is retained in the startup configuration.
Workaround: Configure the router so that the interface that has the physical-layer async command enabled comes before the primary interface (that is, the interface that must be backed up). Note that the symptom does not occur in Release 12.2(12)T or earlier releases.
•CSCed32146
Symptoms: A small buffer leak may occur on a router that has a BRI interface that is in the "Layer 1 Down" state (that is, the interface is not able to establish ISDN Layer 1).
Conditions: This symptom is observed when there is an attempt to activate inactive BRI interfaces. During such an attempt, small buffers are allocated periodically to transmit unnumbered messages to establish the TEI that is to be used on the interface. The buffers cannot be transmitted because the ISDN Layer 1 protocol is down, causing the buffers to be enqueued and lost from the small buffer pool until ISDN Layer 1 becomes active. These enqueued buffers may leak from the small buffer pool, although technically this is not a leak because the buffers are in a queue.
Possible Workaround: Enter the isdn tei-negotiate first-call command.
•CSCee93835
Symptoms: When you remove a policy map that is attached to a service policy or when you make changes in the CIR of a policy class, a router may produce spurious align messages and may crash.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(7.7) or Release 12.3(9) and that is configured for PPP.
Workaround: Do not make any changes to the policy map or any changes that are related to QoS.
•CSCef77523
Symptoms: The protocol may go down on random Multilink Frame Relay (MFR) link bundles.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S and that is configured with a 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card after you have reloaded the router. The symptom may also occur in other releases such as Release 12.2S and Release 12.3.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•CSCef78529
Symptoms: A Cisco 7500 series may crash when you add or remove PPP encapsulation to or from a serial interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(11.4) when dLFIoATM and dLFI over Leased Line are configured on the same VIP.
Workaround: There is no workaround.
•CSCef85905
Symptoms: PPP may not default to the stateless mode.
Conditions: This symptom may be observed on any Cisco platform that runs a crypto image and that has MPPE configured on a PPP link.
Workaround: There is no workaround.
•CSCeg04511
Symptoms: Incoming calls to a router may sporadically fail during the PPP IPCP phase, and the following message may appear in the output of the debug PPP command:
Update queued IPCP code[1] id[1]
Conditions: This symptom is observed when the router is configured to accept dialin calls.
Workaround: There is no workaround.
•CSCeg09143
Symptoms: When member links of a multilink PPP (MLP) bundle flap, some links may fail to join the bundle afterwards and therefore remain in the down/down state.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.3 or Release 12.3(7)XI only when there are over 1000 multilink interfaces configured on the router and all interfaces flap at the same time.
Workaround: There is no workaround.
•CSCeg11451
Symptoms: A Cisco platform that functions as a MPLS VPN provider edge (PE) router that is configured as a multihop LNS and that switches L2TP tunnels from the global routing table into a customer VRF may select an incorrect VRF table to send the L2TP control packets to the customer LNS.
Conditions: This symptom is observed in the following scenario:
–One tunnel between the multihop LNS and the customer LNS is established within the VRF.
–A second tunnel is in the process of being established to a different customer LNS in a different VRF.
–Both tunnels use the same VPDN source address and the same VPDN destination address (because two different VRFs are involved, addresses may overlap).
In this scenario, the L2TP control packets that are sent during the establishment of the second tunnel are sent within the VRF context of the first tunnel.
Workaround: Use unique source and/or destination addresses.
•CSCeg14659
Symptoms: MLP TACACS+ authorization does not occur at the same point as LCP authorization and may block the MLP process, causing MLP performance degradation. Also, the wrong protocol value may be sent for various TACACS+ authorizations, causing them to fail, including MLP and VPDN.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3T.
Workaround: There is no workaround.
•CSCeg15184
Symptoms: When you set up PPPoA sessions in a stress situation, the following error message may be generated:
%IDMGR-3-INVALID_ID: bad id in id_to_ptr
Conditions: This symptom is observed on a Cisco 10000 series that is configured with about 22,000 active PPPoA sessions and that has a CPU usage of 99 percent. However, the symptom is platform-independent.
Workaround: There is no workaround.
•CSCeg17019
Symptoms: When you bring up a multilink bundle, the bundle interface may become stuck in a state in which it bounces up and down continuously.
Conditions: This symptom is observed on a Cisco 10000 series when you bring up large numbers of multilink interfaces at the same time, for example, by reloading the PXF engine. The symptom may not be platform-specific.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on each multilink interface that is in the state described in the symptoms.
•CSCeg20402
Symptoms: PPP may hang.
Conditions: This symptom is observed after an LCP renegotiation on a serial interface.
Workaround: There is no workaround.
•CSCeg23783
Symptoms: When you enter the shutdown interface configuration command to bring down a multilink interface and the no shutdown interface configuration command to bring it back up, the multilink interface may remain down.
Conditions: This symptom is observed when the multilink member links consist of PPP over ATM (PPPoA) virtual circuits that use a virtual template as their configuration source, when the virtual template is assigned to a multilink group by entering the ppp multilink group command, and when the PPPoA sessions create virtual-access subinterfaces while the multilink interface is shut down.
Workaround: Enter the no virtual-template subinterface global configuration command to prevent virtual-access subinterfaces from being created. Alternatively, you can enter any interface configuration command that is incompatible with virtual-access subinterfaces (for example, the no clns route-cache command) on the virtual-template.
•CSCeg34229
Symptoms: A memory leak occurs on a Cisco 3660 that runs Cisco IOS Release 12.3 and that is configured with PRI time slots. Eventually, the router runs out of memory and reloads.
Conditions: This symptom is observed when a PRI group is configured but not physically connected.
Workaround: Do not provision an ISDN PRI group until the line is activated or connected.
•CSCeg41505
Symptoms: An ISDN BRI interface does not come up when interesting traffic is received.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.5).
Workaround: There is no workaround.
•CSCeg43407
Symptoms: On a router that is configured for SLIP/PPP, spurious memory accesses may be reported in the output of the show alignment command.
Conditions: This symptom is observed after a SLIP/PPP test on an asynchronous modem.
Workaround: There is no workaround.
•CSCeg47331
Symptoms: PPP EAP authentication fails.
Conditions: This symptom is observed when PPP is configured with the ppp authentication eap command and when PPP has the default configuration to proxy to a RADIUS server.
Workaround: Do not use EAP. Rather, use CHAP, PAP, or MSCHAP, or configure EAP to authenticate locally by entering the ppp eap local command. Doing so requires AAA to be configured to authenticate PPP locally and the users that must be authenticated to be defined locally.
•CSCeg53851
Symptoms: IP routes are not updated across an ISDN link.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S or interim Release 12.3(12.8).
Workaround: There is no workaround.
•CSCeg56208
Symptoms: A router that processes voice calls may crash.
Conditions: This symptom is observed when you enter any show user EXEC command while the router processes calls at a normal level but does not have sufficient memory available.
Workaround: Increase the amount of memory on the router.
•CSCeg67829
Symptoms: A Cisco 7500 series may crash when you enter the microcode reload command.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM, dLFIoFR, and dLFI over leased line and that has the scheduler heapcheck process memory processor command enabled.
Workaround: There is no workaround.
•CSCin85602
Symptoms: A router may crash when the encapsulation of a virtual-template interface is changed.
Conditions: This symptom is observed when the encapsulation is changed from Frame Relay to PPP while PPPoA sessions are coming up.
Workaround: There is no workaround.
•CSCsa47225
Symptoms: PPP IPCP negotiation does not complete on a multilink interface, the output of the show interfaces command shows that the PPP state of the interface is "ACKsent: IPCP", and IPCP is constantly renegotiated on the multilink interface. This situation causes the following symptoms:
–There is no IP connectivity over the affected multilink interface.
–The "PPP IP Route" and "PPP IPCP" processes cause high CPU utilization on the router.
–Many messages with the IPCP state changes are queued to the VIPs. This situation may cause memory allocation failures and CEF to be disabled.
Conditions: These symptoms are observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(12) and that is connected via a PPP multilink interface to another Cisco 7500 series that also runs Release 12.3(12). Note, however, that the symptoms may be platform-independent.
Workaround: There is no workaround. To recover the multilink interface, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•CSCsa49019
Symptoms: A memory leak may occur in the "Multilink Events" process, which can be seen in the output of the show memory summary command:
0x60BC47D0 0000000024 0000000157 0000003768 MLP bundle name
0x60BC47D0 0000000028 0000000003 0000000084 MLP bundle name
0x60BC47D0 0000000044 0000000001 0000000044 MLP bundle name
0x60BC47D0 0000000048 0000000001 0000000048 MLP bundle name
0x60BC47D0 0000000060 0000000001 0000000060 MLP bundle name
0x60BC47D0 0000000064 0000000013 0000000832 MLP bundle name
0x60BC47D0 0000000068 0000000008 0000000544 MLP bundle name
0x60BC47D0 0000000072 0000000001 0000000072 MLP bundle name
0x60BC47D0 0000000076 0000000001 0000000076 MLP bundle name
0x60BC47D0 0000000088 0000000018 0000001584 MLP bundle name
Conditions: This symptom is observed when two interfaces are configured in the same multilink group or are bound to the same dialer profile.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(12e)
Cisco IOS Release 12.3(12e) is a rebuild release for Cisco IOS Release 12.3(12). The caveats in this section are resolved in Cisco IOS Release 12.3(12e) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Access Server
•CSCeb41363
Symptoms: Handset calls may intermittently be reported with values in RADIUS accounting attribute 77, 197, and 255.
Conditions: This symptom is observed on a Cisco AS5800.
Workaround: There is no workaround.
Basic System Services
•CSCeh65692
Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.
Conditions: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.
Workaround: There is no workaround.
•CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
IP Routing Protocols
•CSCeh47763
Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.
Conditions: This symptom occurs when using Port Address Translation (PAT).
Workaround: Use the clear ip nat translation * command.
Miscellaneous
•CSCeg27836
Symptoms: Under some circumstances when eBGP flaps on the PE, packets from another VRF are forwarded to an incorrect interface.
Conditions: This symptom occurs when eBGP flaps on the PE.
Workaround: There is no workaround.
•CSCeg30170
Symptoms: When you perform a stress test on a Cisco 7200 series that processes H.323 voice calls, the following error message and traceback may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6241A498 reading 0x94 %ALIGN-3-TRACE: -Traceback= 6241A498 6241C788 623EB0F8 623ED694 00000000 00000000 00000000 00000000 DGK7201#
Conditions: This symptom is observed when you make approximately 40 calls per second and when the directory gatekeeper (DGK) loader constantly sends LRQs to the DGKs to query a route server to obtain routes. Note, however, that the router continues to process calls normally.
Workaround: There is no workaround.
•CSCeg44218
Symptoms: A Cisco 3600 series that functions as a voice gateway may crash, and (some of) the following error messages may be generated:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel number>
%HPI-3-CODEC_NOT_LOADED: channel: <channel number>
TSP PRI: tsp_cdb not found
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = VTSP.
Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.3(10) or 12.3(10a) but may not be platform-specific.
Workaround: There is no workaround.
•CSCeg82614
Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.
Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.
Workaround: There is no workaround.
•CSCeh05968
Symptoms: Distributed Sessions Manager (DSM) is flooded with DSP stats messages.
Conditions: This symptom is observed when the event pool is out of events.
Workaround: There is no workaround.
•CSCsa44556
Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.
Workaround: Reload the gatekeeper after you have made the configuration changes.
•CSCsa64278
Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.
Workaround: There is no workaround.
•CSCsa97663
Symptoms: An ATM interface is unexpectedly removed from an IMA group even though the ATM interface is still in the up/up state, causing T1 links to be disconnected.
Conditions: This symptom is observed on a Cisco 2600 series when you change the Cisco IOS software from Release 12.2(13)T8 to Release 12.3(12b).
Workaround: Re-add the ATM interface to the IMA group by removing and reconfiguring the IMA configuration on the ATM interface.
•CSCsb09190
Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.
Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.
Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
Wide-Area Networking
•CSCsa55747
Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.
Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(12d)
Cisco IOS Release 12.3(12d) is a rebuild release for Cisco IOS Release 12.3(12). The caveats in this section are resolved in Cisco IOS Release 12.3(12d) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg62206
Symptoms: High CPU utilization may occur in the TPLUS process on a platform.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6c) and that is configured for TACACS.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(12c)
Cisco IOS Release 12.3(12c) is a rebuild release for Cisco IOS Release 12.3(12). The caveats in this section are resolved in Cisco IOS Release 12.3(12c) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
IP Routing Protocols
•CSCeh13489
Symptoms: A Cisco IOS router running Border Gateway Protocol (BGP) and peering with other routers may, under certain conditions, make the other peering routers reset their BGP sessions if it sends an AS path with a length equal to or greater than 255.
Conditions: This symptom has been observed when a Cisco router receives a BGP update with an as-path length of 255.
Workaround: Use the bgp max-as limit command to limit the maximum as-path length to a value less than 255. With this command, the router that receives the update with the excessive as-path will reject the prefix and record the event in the log.
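The mechanism behind this caveat is that the length field of each AS_PATH segment is a single octet, so one segment can carry at most 255 ASNs, and a peer that mishandles a path at that boundary can end up tearing down the session. The following is an added example, not Cisco code, showing an AS_PATH encoder and decoder that honour that limit, plus a maxas-limit style check in the spirit of the workaround above: an update whose path exceeds the configured limit (or whose AS_PATH is malformed) is dropped and logged instead of disturbing the session. Prefixes, ASNs and limits are constructed sample values.

```python
import logging
import struct

log = logging.getLogger("bgp-aspath")

AS_SEQUENCE = 2  # AS_PATH segment type (RFC 4271); AS_SET is 1


def encode_as_path(asns, asn_size=2):
    """Encode a list of ASNs as AS_SEQUENCE segments.

    The segment length field is one octet, so a single segment holds at most
    255 ASNs; a longer path is split across several segments rather than
    letting the length octet wrap.
    """
    fmt = ">H" if asn_size == 2 else ">I"
    out = bytearray()
    for i in range(0, len(asns), 255):
        chunk = asns[i:i + 255]
        out += bytes([AS_SEQUENCE, len(chunk)])
        for asn in chunk:
            out += struct.pack(fmt, asn)
    return bytes(out)


def decode_as_path(attr, asn_size=2):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...].

    Raises ValueError when a segment claims more ASNs than the attribute
    carries, which is how a malformed path shows up on the wire.
    """
    fmt = ">H" if asn_size == 2 else ">I"
    pos, segments = 0, []
    while pos + 2 <= len(attr):
        seg_type, seg_len = attr[pos], attr[pos + 1]
        pos += 2
        end = pos + seg_len * asn_size
        if end > len(attr):
            raise ValueError("truncated AS_PATH segment")
        asns = [struct.unpack(fmt, attr[j:j + asn_size])[0]
                for j in range(pos, end, asn_size)]
        segments.append((seg_type, asns))
        pos = end
    if pos != len(attr):
        raise ValueError("trailing bytes in AS_PATH")
    return segments


def as_path_hops(segments):
    """Total number of ASNs across all segments (what a maxas limit counts)."""
    return sum(len(asns) for _, asns in segments)


def accept_update(prefix, as_path_attr, maxas_limit, asn_size=2):
    """Return True if the prefix may be installed, False if it is dropped.

    Both an over-long path and a malformed AS_PATH are handled by dropping the
    prefix and logging, never by resetting the peering session.
    """
    try:
        segments = decode_as_path(as_path_attr, asn_size)
    except ValueError as err:
        log.warning("%s: malformed AS_PATH (%s), prefix dropped", prefix, err)
        return False
    hops = as_path_hops(segments)
    if hops > maxas_limit:
        log.warning("%s: AS_PATH length %d exceeds maxas limit %d, prefix dropped",
                    prefix, hops, maxas_limit)
        return False
    return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample: a 255-hop path against a limit of 254 is dropped.
    path = encode_as_path(list(range(1, 256)))
    print(accept_update("203.0.113.0/24", path, maxas_limit=254))
```

The decoder is deliberately strict: a segment length that does not match the attribute length is rejected rather than parsed as far as possible, because a lenient parser is exactly where a wrapped length octet turns into a session reset.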
Miscellaneous
•CSCeg16631
Symptoms: When you enter the distribute-list interface command in a global RIP routing context and the interface that is specified in the command is a VRF interface, the command is rejected with the following error message:
% The interface is not in the same VRF as the process
Because the distribute-list interface command is not implemented in the IPv4 VRF address-family, there is no other way to filter networks received in updates via a VRF interface.
Conditions: This symptom is observed in all Cisco IOS releases that integrate the fix for CSCee32557. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32557. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: In a configuration that is mentioned above, to filter networks received in updates, enter the distribute-list extended-ACL-reference command in which the "source-part" of the extended ACL specifies the prefixes and the "destination part" matches on the IP address of the RIP neighbor.
•CSCeg35786
Symptoms: Twenty percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(12b)
Cisco IOS Release 12.3(12b) is a rebuild release for Cisco IOS Release 12.3(12). The caveats in this section are resolved in Cisco IOS Release 12.3(12b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg41734
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used.
Workaround: There is no workaround.
•CSCsa42366
Symptoms: A router may crash because of a memory leak in the SAA/RTR process.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10a) and that is configured for SAA/RTR.
Workaround: Do not perform a getmany command on the rttMonLatestRttOperEntry, rttMonCtrlAdminEntry, and rttMonEchoAdminEntry variables. Do not perform a getone command on the rttMonLatestRttOperAddress variable.
•CSCsa53912
Symptoms: You cannot log on when a TACACS+ server is used for authentication. You get a message that authentication fails and you are asked again to enter your user name.
Conditions: This symptom is observed when you make a Telnet connection to a router that is configured for TACACS+ after you have entered your user name and your TACACS password.
Workaround: Configure the TACACS+ single connection option by entering the tacacs-server host host-name single-connection command.
IBM Connectivity
•CSCeg58906
Symptoms: A Cisco router does not receive a Receiver Ready (RR) message from a device that is connected via an Ethernet link.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10), that is configured for DLSw, and that has a bridge group configured on an Ethernet interface. The symptom occurs only when the following conditions are present:
- NetBIOS is transported via DLSw and the NetBIOS Add Name Response command is used.
- The end system produces a specific frame.
The following is an example of a configuration in which the symptom occurs:
A NetBIOS server connects to a router (Router 1) that connects via a DLSw link to another router (Router 2). Router 2 connects via an Ethernet link to a NetBIOS client.
The MAC address of the NetBIOS client is located in the transparent bridge table on Router 2. When the NetBIOS server transmits a NetBIOS Add Name Response command to the NetBIOS client, Router 2 mishandles the NetBIOS Add Name Response command, causing the MAC address of the NetBIOS client in the transparent bridge table to point to the DLSw interface instead of to the local Ethernet interface. All subsequent LLC2 frames that are sent from Router 2 for this DMAC fail until the end system sends a frame to Router 2, enabling Router 2 to relearn the MAC address of the NetBIOS client for the correct port.
Workaround: There is no workaround.
Interfaces and Bridging
•CSCin86098
Symptoms: One or more ATM PVCs stops transmitting packets.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6-OC3 port adapter when the PVC is configured with CBR and when traffic with more than the configured CBR value passes.
Workaround: There is no workaround.
•CSCin86455
Symptoms: Auto-provisioning may be disabled on a Cisco 7200 series that is configured with a PA-A3 port adapter.
Conditions: This symptom is observed when a VC class that is configured for create on-demand is attached to the main ATM interface and then the create on-demand configuration is removed and re-applied to the VC class.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface of the PA-A3 port adapter.
•CSCin86673
Symptoms: A VC may become stuck and stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a PA-A3 or PA-A6 port adapter when there is a high traffic load and when the QoS class of the VC is changed.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that contains the affected VC.
IP Routing Protocols
•CSCef60659
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCeg09257
Symptoms: A Cisco 7200 series may reload unexpectedly when you enter the clear ip nat translations global configuration command.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9) when there are several VRFs that are configured with 15,000, 20,000, and 30,000 sessions, when the CPU utilization of the router is at 90 percent of its capacity, and when expired sessions do not time out. The symptom is platform-independent and occurs only on high-end routers that are able to scale up to a very high number of sessions.
Workaround: There is no workaround.
•CSCeg19442
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages you from configuring a router via two different but simultaneous sessions.
•CSCeg74205
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•CSCeh14015
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom is observed on EIGRP routes when using the shut command followed by the no shut command, but could affect other routing protocols.
Workaround: There is no workaround.
•CSCsa59600
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
Miscellaneous
•CSCed66010
Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(05b) but may also occur in Release 12.3T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.
Workaround: There is no workaround.
•CSCed83616
Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.
Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module (MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.
However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.
Workaround: Do not enter the show standby or show standby brief command while configuration changes are being made.
•CSCee63580
Symptoms: A Cisco router crashes with a software forced exception.
Conditions: This symptom is observed when a large number of PPPoA and/or PPPoE sessions with multiple SSG services are active at the same time.
Workaround: There is no workaround.
•CSCef44699
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef97768
Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.
Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).
Workaround: There is no workaround.
•CSCeg04922
Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.
Conditions: This symptom is observed when the following conditions are present:
- A policy map is applied to a VLAN interface.
- The policy map includes the set cos command.
Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.
•CSCeg59923
Symptoms: The following error message is generated during a voice stress test:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCeg63430
Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.
Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 2.3T, connects to the PSTN via a PRI in the following topology:
Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI-- PSTN--Transferee
Workaround: Enable MTP or the Cisco CallManager.
Further Problem Description: Although the symptom is not observed in Cisco IOS Release 12.3, the fix is included in Cisco IOS Release 12.3 as a precaution.
•CSCeg76294
Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.
Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.
Workaround: There is no workaround.
•CSCeg79821
Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.
Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).
Workaround: There is no workaround.
•CSCeh01182
Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.
Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.
Workaround: There is no workaround. However, this is a limitation of voice gateways that use VXML applications: such platforms only support T.37.
Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.
•CSCin86246
Symptoms: Backup calls are not initiated after you reload the router.
Conditions: This symptom is observed on a Cisco 2800 series that is configured for QoS. When the dialer interface is a designated backup interface and you reload the router, the dialer interface does not enter backup mode even though the primary interface is down.
Workaround: After you have reloaded the router, enter the shutdown command followed by the no shutdown command on the dialer interface.
•CSCin86923
Symptoms: A PVC is unexpectedly removed from an IMA interface when one or more IMA links go down.
Conditions: This symptom is observed on a Cisco router when the bandwidth that is configured for the PVC cannot be supported after one or more IMA links go down.
Workaround: Reconfigure the PVC with a bandwidth that can be supplied by the remaining IMA links.
•CSCsa46758
Symptoms: A router that initiates a rekey uses incorrect proxy identities, causing a VPN client to reject the proxy identities and to disconnect. The log of the VPN client displays the following error message:
Invalid Proxies for requested QM negotiation: LocalProxy : ID=172.16.1.2
Protocol=0 port=0, RemoteProxy : ID=10.48.67.66/0.0.0.0 Protocol=0 port=0 : (PLMgrID:367)Failed to process ID payload (MsgHandler:681)
Failed to process QM Msg 1 (NavigatorQM:386)
Unexpected SW error occurred while processing Quick Mode negotiator: (Navigator:2202)
Discarding IPsec SA negotiation, MsgID=F821A02A
Conditions: This symptom is observed when a VPN Client is connected to a Cisco router that runs Cisco IOS Release 12.3, when the VPN client sends a policy that includes the ip host address command to the router, and when IPSec on the router unexpectedly changes the ACL address in the policy of the VPN client.
Workaround: There is no workaround. Note that the symptom does not occur in Cisco IOS Release 12.3T.
•CSCsa54608
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
•CSCsa62111
Symptoms: A Cisco 7200 series router may see packets stuck in the input queue.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(12.10) with an NPE-G1.
Workaround: Reload the router to clear the input queue, or increase the input queue depth beyond the default limit of 75 by entering the hold-queue length command.
•CSCuk56412
Symptoms: An ATM interface of a PA-A3 ATM port adapter may stop transmitting traffic, the output of the show interface atm slot/port command may show that output drops increment, and connectivity may stop entirely.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(12.7).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Enter the clear interface atm slot/port command on the affected interface.
Wide-Area Networking
•CSCef96591
Symptoms: When the command ppp multilink group is used on a Virtual-template interface, a router may crash with an "%Align-1-Fatal Illegal Access to a low address" error followed by a bus error exception.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10) when there are active PPP over ATM or PPP over Frame Relay sessions attached to the Virtual-template.
Workaround: Shut down all PPP over ATM or PPP over Frame Relay sessions before adding the Virtual-template to the multilink group.
•CSCsa52807
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
Resolved Caveats—Cisco IOS Release 12.3(12a)
Cisco IOS Release 12.3(12a) is a rebuild release for Cisco IOS Release 12.3(12). The caveats in this section are resolved in Cisco IOS Release 12.3(12a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Interfaces and Bridging
•CSCin84694
Symptoms: On a Cisco 7x00 series that runs Cisco IOS Release 12.3 and that is equipped with an ATM PA-A3 port adapter, the SAR chip of the port adapter may crash or the interface may become stuck.
Conditions: This symptom is observed when there is a high-traffic load on the ATM PA-A3 port adapter and when many VCs are created, deleted, and modified continuously. The symptom may also occur in other releases.
Workaround: There is no workaround.
IP Routing Protocols
•CSCef65500
Symptoms: A Cisco router that is configured for OSPF may generate recurring SYS-3-CPUHOG messages and tracebacks that are caused by the OSPF process:
%OSPF-5-ADJCHG: Process 100, Nbr 10.52.0.186 on ATM1/0.381 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4568 msec (243/31), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from FULL to DOWN,
Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.53.0.66 on ATM1/0.115 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 4988 msec (569/120), process = OSPF Router, PC = 60B9DFA8.
-Traceback= 60B9DFB0 60B7E6E0 60B7EE58
At another date, the following error messages and tracebacks are generated:
%SYS-3-CPUHOG: Task ran for 2224 msec (368/9), process = OSPF Router, PC = 60BA80BC. -Traceback= 60BA80C4 60B8876C 60B88EE4
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from FULL to DOWN,
Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from INIT to DOWN,
Neighbor Down: Interface down or detached
%OSPF-5-ADJCHG: Process 100, Nbr 10.61.0.26 on ATM2/0.179 from LOADING to FULL, Loading Done
%SYS-3-CPUHOG: Task ran for 2028 msec (647/283), process = OSPF Router, PC = 60BA80BC. -Traceback= 60BA80C4 60B8876C 60B88EE4
%SYS-3-CPUHOG: Task ran for 2904 msec (552/153), process = OSPF Router, PC = 60BA80BC. -Traceback= 60BA80C4 60B8876C 60B88EE4
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-225 and that runs Cisco IOS Release 12.2(15)T5 or 12.2(15)T13. However, the symptom may be platform-independent and could also occur in other releases.
Workaround: There is no workaround.
Miscellaneous
•CSCef44607
Symptoms: The output of the show spe command shows SPE failures.
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCef70871
Symptoms: A Cisco AS5850 loses all connectivity (ISDN, FE, and GE connectivity) and is only accessible via the console port. The "%DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss" error message that is generated shortly after the connectivity is lost suggests that the cards in the chassis can no longer communicate with each other either.
Conditions: This symptom is observed after a few hours of normal operation.
Workaround: There is no workaround.
•CSCef73080
Symptoms: A Cisco 7206VXR that is configured with an NPE-G1 may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(8)T3 or 12.3(9a).
Workaround: There is no workaround.
•CSCef88885
Symptoms: When a call is received without ANI information from an IP network and the call is manipulated via a translation rule on the terminating gateway (TGW), the ANI information is not sent in the ISDN connection.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(11)T and that functions as a TGW. The symptom occurs only for calls without ANI information. The symptom may also occur in Release 12.3.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(4)T.
•CSCeg09274
Symptoms: The line protocol of a serial interface of a PA-E3 may go down, and the output of the show interfaces serial slot/port command shows that the output queue is wedged (Output queue: 40/40) and that output drops increase.
Conditions: This symptom is observed on a Cisco 7204VXR that is equipped with a PA-E3 when a Fast Ethernet interface is either shut down or disconnected and when the router is configured in the following way:
–The encapsulation frame-relay, frame-relay traffic-shaping, and tx-ring-limit ring-limit commands are enabled on the serial interface of the PA-E3.
–Multiple point-to-point subinterfaces with different Frame Relay Traffic Shaping (FRTS) parameters are applied on each of the subinterfaces, and Class Based Weighted Fair Queueing (CBWFQ) is applied on some of the subinterfaces.
Workaround: Either enter the shutdown command followed by no shutdown command on the serial interface of the PA-E3 or enter the clear interface serial slot/port command on the serial interface of the PA-E3.
•CSCeg27467
Symptoms: A Cisco platform that runs Cisco IOS Release 12.3(10) and that functions as a gatekeeper in an SS7 interconnect configuration may reject calls.
Conditions: This symptom is observed when the following conditions are present:
–The voice gateway is configured with trunk groups and has the Resource Availability Indicator (RAI) threshold enabled.
–When the high threshold value is reached, the voice gateway sends a RAI message with the AlmostOutOfResources field set to "TRUE" to the gatekeeper.
From this point on, the gatekeeper rejects new calls with an Admission Rejection (ARJ) message that indicates that the call capacity of the voice gateway is exceeded.
Workaround: Do not configure Trunk Group and RAI together. If this is not an option, there is no workaround.
•CSCeg41892
Symptoms: When CP tone NL and caller ID are configured and when a caller ID is sent by the call agent, a DSP may time out or crash.
Conditions: This symptom is observed on a Cisco platform that is configured for MGCP and that runs Cisco IOS Release 12.3(8)T5 or Release 12.3(11)T2.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(7)T4.
•CSCeg43753
Symptoms: A router that is configured for RIP and BGP may crash with the following error messages:
System returned to ROM by bus error at PC 0x0, address 0x0
The crashinfo reports the following:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
Unexpected exception, CPU signal 10, PC = 0x0
-Traceback= 0 60BBD828 60BAC93C 60BAD790 61FE44C0 60BAD834 60B7C138
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9b) and that is configured for MPLS VPN when RIP is partially configured without a network statement and when BGP is redistributed into RIP.
Workaround: Ensure that RIP is configured correctly.
•CSCeg50978
Symptoms: A Cisco 2420 that is configured with a PRI interface enters a boot loop at startup.
Conditions: This symptom is observed on a Cisco 2420 that runs Cisco IOS Release 12.3(12). The symptom does not occur in Release 12.3(9), nor does it occur when the Cisco 2420 is configured with a T1 CAS interface.
Workaround: There is no workaround.
•CSCin85579
Symptoms: A Cisco 3660 may crash because of an illegal memory access error during the configuring or deconfiguring of an ATM IMA group.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(12.7) and that is configured with an ATM Advanced Integration Module (AIM).
Workaround: There is no workaround.
•CSCsa45418
Symptoms: A service policy may be removed when the bandwidth for the classes is configured in percentages and you change any interface-related bandwidth parameter.
Conditions: This symptom is observed on a Cisco 7200 series and lower-end routers.
Workaround: There is no workaround. You must re-apply the service policy to the interface.
•CSCsa45740
Symptoms: The upgrade rom-monitor command will not operate properly.
Conditions: This symptom is observed on the Cisco 3725, Cisco 3631, and Cisco 2691 platforms.
Workaround: Use the Cisco IOS image which does not contain the commit change for CSCed90859, for example, Cisco IOS Release 12.3(6). Once the ROMmon upgrade is successful, the user may resume using any Cisco IOS image, including one which contains this issue.
•CSCsa46707
Symptoms: An SA-VAM2 stops processing all packets.
Conditions: This symptom is observed sporadically on a Cisco 7200 series that is configured with an NPE-G1 when the SA-VAM2 is configured for AES 192 or AES 256.
Workaround: Reset the SA-VAM2 by entering the no crypto engine accelerator command followed by the crypto engine accelerator command. If the symptom persists, disable the SA-VAM2 by entering the no crypto engine accelerator command. Doing so causes the router to switch to software encryption.
Wide-Area Networking
•CSCeg11451
Symptoms: A Cisco platform that functions as an MPLS VPN provider edge (PE) router, that is configured as a multihop LNS, and that switches L2TP tunnels from the global routing table into a customer VRF may select an incorrect VRF table to send the L2TP control packets to the customer LNS.
Conditions: This symptom is observed in the following scenario:
–One tunnel between the multihop LNS and the customer LNS is established within the VRF.
–A second tunnel is in the process of being established to a different customer LNS in a different VRF.
–Both tunnels use the same VPDN source address and the same VPDN destination address (because two different VRFs are involved, addresses may overlap).
In this scenario, the L2TP control packets that are sent during the establishment of the second tunnel are sent within the VRF context of the first tunnel.
Workaround: Use unique source and/or destination addresses.
•CSCeg14659
Symptoms: MLP TACACS+ authorization does not occur at the same point as LCP authorization and may block the MLP process, causing MLP performance degradation. Also, the wrong protocol value may be sent for various TACACS+ authorizations, causing them to fail, including MLP and VPDN.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3T.
Workaround: There is no workaround.
•CSCsa47225
Symptoms: PPP IPCP negotiation does not complete on a multilink interface, the output of the show interfaces command shows that the PPP state of the interface is "ACKsent: IPCP", and IPCP is constantly renegotiated on the multilink interface. This situation causes the following symptoms:
–There is no IP connectivity over the affected multilink interface.
–The "PPP IP Route" and "PPP IPCP" processes cause high CPU utilization on the router.
–Many messages with the IPCP state changes are queued to the VIPs. This situation may cause memory allocation failures and CEF to be disabled.
Conditions: These symptoms are observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(12) and that is connected via a PPP multilink interface to another Cisco 7500 series that also runs Release 12.3(12). Note, however, that the symptoms may be platform-independent.
Workaround: There is no workaround. To recover the multilink interface, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
Resolved Caveats—Cisco IOS Release 12.3(12)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(12). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(12). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCed33110
Symptoms: A VIP crash may cause memory exhaustion on an RSP, which in turn may cause the RSP to crash.
Conditions: This symptom is observed more frequently on routers with a high IDB count.
Workaround: There is no workaround.
•CSCed49199
Symptoms: The following attributes are duplicated in the RADIUS accounting records of an incoming leg:
Calling-Station-Id
Called-Station-Id
Conditions: This symptom is observed on a Cisco platform that is configured for AAA.
Workaround: There is no workaround.
•CSCed62371
Symptoms: A router may reload unexpectedly when a TACACS+ configuration is present in the startup configuration.
Conditions: This symptom is observed on a Cisco 10000 series but may be platform-independent.
Workaround: There is no workaround.
•CSCed91215
Symptoms: Attributes 42 and 43 may be of value "zero" in Connection STOP records.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that run Cisco IOS Release 12.3 or Release 12.3(4)T4 when a TCP-clear call is disconnected by the caller. For call disconnects by the NAS, the values are proper.
Workaround: There is no workaround.
•CSCed93927
Symptoms: The "%RADIUS-3-NOSERVERS: No Radius hosts configured" error message appears after the receipt of a RADIUS Access-Accept packet, preventing accounting updates from being sent.
Conditions: This symptom is observed on a router with a very specific RADIUS server host configuration after you have reloaded the router.
Workaround: Perform the following steps:
1. Remove specific RADIUS commands by entering the following:
no radius-server host 10.0.0.1 auth-port 1645 acct-port 0 non-standard key 7
no radius-server host 10.0.0.1 auth-port 0 acct-port 1646 non-standard key 7
2. Remove all server group configurations by entering the following commands:
no aaa group server radius ACS
no aaa group server radius RAD
3. Reinstall the server group configurations by entering the following commands:
aaa group server radius ACS
server 10.0.0.1 auth-port 1645 acct-port 1646
deadtime 10
!
aaa group server radius RAD
server 10.0.0.2 auth-port 1645 acct-port 1646
deadtime 10
•CSCee20816
Symptoms: A system used for reverse connections, such as a console server or other "milking machine" applications, may unexpectedly restart due to a bus error.
Conditions: The conditions under which this occurs are not well understood, but it is likely that frequent, short-lived connections are more likely to cause the problem than environments where connections are either long-lived or rarely opened and closed.
Workaround: There is no workaround.
•CSCee26662
Symptoms: A platform may reload when the aaa dnis map dnis-number authentication ppp group server-group-name command is entered.
Conditions: This symptom is observed when aaa dnis map commands are enabled.
Workaround: There is no workaround.
•CSCee38838
Symptoms: A crashdump may occur during a two-call-per-second load test on a gateway, and the gateway may reload.
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.3(7)T and that functions as a gateway when you run a two-call-per-second load test that uses H.323, VXML, and HTTP. The crash occurs after approximately 200,000 calls.
Workaround: There is no workaround.
•CSCee48373
Symptoms: Some attributes may be missing in an accounting stop record for an exec session.
Conditions: This symptom is observed when accounting is performed via a TACACS+ server and when the aaa accounting exec default start-stop group tacacs+ command is enabled.
Workaround: There is no workaround.
•CSCee78300
Symptoms: A bus error crash (that is, an illegal access to a low address) may occur in the RADIUS process.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(3).
•CSCee89849
Symptoms: A router may reload due to an illegal access at a low address.
Conditions: This symptom is observed on a Cisco router when AAA is enabled.
Workaround: There is no workaround.
•CSCee91044
Symptoms: A network operations center (NOC) may receive many false alerts indicating that an IKE tunnel is down. (The IKE tunnel is torn down but immediately rebuilt.)
Conditions: This symptom is observed when SNMP traps are sent for every IKE timeout or rekey but not for an IPSec timeout or rekey.
Workaround: There is no workaround.
•CSCef09641
Symptoms: A Cisco access server may reload because of a bus error at address 0x4000 when calls are made. Additionally, there may be spurious memory access recorded in the logs, as described in CSCed88542.
Conditions: This symptom is observed on a Cisco access server that is configured for AAA and that has the radius-server attribute 8 include-in-access-req command enabled.
Workaround: Remove the radius-server attribute 8 include-in-access-req command from the configuration.
•CSCef15418
Symptoms: A router cannot write to Bootflash.
Conditions: This symptom is observed on a Cisco router after you have entered the squeeze bootflash command.
Workaround: There is no workaround.
•CSCef41296
Symptoms: A router that boots may not accept commands.
Conditions: This symptom is observed when a Cisco router is reloaded after commands were entered. The symptom occurs because the router changed the order in which the commands were entered and saved the configuration accordingly in the startup file.
Workaround: There is no workaround.
•CSCef46191
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: A user-initiated, specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions, whereas services such as packet forwarding, routing protocols, and all other communication to and through the device remain unaffected.
Workaround: The detailed advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml.
•CSCef50650
Symptoms: A router crashes when it attempts to access a TACACS+ server.
Conditions: This symptom is observed when the TACACS+ server is not up or is unreachable.
Workaround: Ensure that the router accesses a valid TACACS+ server that is up and running.
•CSCef52919
Symptoms: A privilege level 1 user is able to log in with a higher privilege level.
Conditions: This symptom is observed on a Cisco platform when the aaa new-model command is enabled, when the privilege level level command is present under the vty lines, and when the level argument has any value from 2 through 15.
Workaround: Do not configure privilege level 1 but configure any other privilege level.
•CSCef65405
Symptoms: DHCP accounting records are not sent to a RADIUS server.
Conditions: This symptom is observed when the aaa accounting delay-start command is configured.
Workaround: Disable the aaa accounting delay-start command. If this is not an option, there is no workaround.
•CSCin78100
Symptoms: A Bootflash and a slave bootflash file system may not be accessible and the following error messages are generated:
Router#dir slavebootflash:
%Error opening slavebootflash:/ (No such device)
Router#dir bootflash:
%Error opening bootflash:/ (No such device)
Router#format bootflash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "bootflash:". Continue? [confirm]
%Error formatting bootflash (Unspecified error)
Router#dir bootflash:
%Error opening bootflash:/ (No such device)
Conditions: This symptom is observed on a Cisco 7500 series that has an RSP and that runs Cisco IOS interim Release 12.3(9.10) or interim Release 12.3(9.10)T.
Workaround: There is no workaround.
•CSCin78428
Symptoms: A router crashes when you enter the snmp-server host command.
Conditions: This symptom is platform-independent.
Workaround: There is no workaround.
•CSCin79312
Symptoms: An outage may occur when you attempt to connect via the console port to a Cisco ONS 15540, and routine messages are generated that relate to the loss of light on wave ports that are turned on. Interface alarm flaps may cause a hardware watchdog timeout, and the platform may fail to switch over to the standby CPU.
Conditions: These symptoms are observed on a Cisco ONS 15540 during normal operation when optical interfaces are not used and not shut down.
Workaround: There is no workaround. Customers should shut down any unused interfaces.
•CSCin80276
Symptoms: All attributes that have a zero value are missing from RADIUS access-request and accounting-request records. This situation causes problems with host accounting and service accounting records.
Conditions: This symptom is observed on a Cisco platform when an AAA server is used for RADIUS requests.
Workaround: There is no workaround.
•CSCin80921
Symptoms: An error is returned when an SNMP agent sets the value for a digital port impedance. However, when the impedance is read, the value appears to have been changed.
Conditions: This symptom is observed when the SNMP agent is able to read and set the impedance value for a digital port that does not support the impedance.
Workaround: There is no workaround. However, it does not make any sense to write or read the impedance value for a digital port that does not support the impedance. These actions should be avoided.
IBM Connectivity
•CSCed77877
Symptom: A 4-port serial enhanced port adapter (PA-4T+) may not function when the Synchronous Data Link Control (SDLC) protocol is configured.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: Reload the router to re-initialize the role used in the previous connection.
•CSCef85777
Symptoms: A router that is configured for DLSw may reload because of a software-forced crash, and the following error message is generated:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = DLSw Background.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) and that functions as a DLSw headend router with more than 1400 peers when the router attempts to forward a frame from the local LAN to all remote peers.
Workaround: Implement restrictive filtering that only allows known traffic from the local LAN of the headend router, and limit the number of DLSw peers.
•CSCef95672
Symptoms: DLSw does not function when an SDLC station has the sdlc role prim-xid-poll command enabled.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10). The DLSw circuit is established, but the router does not send the XID to the SDLC station.
Workaround: There is no workaround.
•CSCeg10448
Symptoms: DLSW transparent redundancy does not function via a Fast Ethernet port adapter.
Conditions: This symptom is observed when you use a Fast Ethernet port adapter with a particular third-party vendor chipset.
Workaround: Use a port adapter that uses a different chipset.
Interfaces and Bridging
•CSCed59828
Symptoms: Large MPLS frames that are transmitted over a LANE interface may be dropped.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 when IP packets that are larger than 1500 bytes are transmitted over MPLS via a LANE interface that has an MTU of 1500.
Workaround: There is no workaround.
•CSCef00510
Symptoms: Packets that originate from a Cisco router that is configured with a PA-MC-8TE1+ port adapter may be corrupted and have an invalid FCS. These packets may have the address and control fields compressed even when PFC and ACFC options are explicitly disabled.
Conditions: This symptom is observed only when traffic is presented simultaneously on several B-channels.
Workaround: There is no workaround.
•CSCeg03185
Symptoms: A few permanent virtual circuits (PVCs) go into a stuck state causing OutPktDrops on a Cisco 7200 router.
Conditions: This symptom occurs on a Cisco 7200 router running Cisco IOS Release 12.2(26) with a PA-A3-T3 ATM interface. The symptom may also occur in other releases.
Workaround: Remove and re-apply the PVC statement.
•CSCin79302
Symptoms: A router reloads unexpectedly when the firmware that runs in the SAR of a PA-A3 ATM port adapter crashes.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3 or 12.3 T. However, the symptom could occur on any platform that is configured with a PA-A3 ATM port adapter.
Workaround: There is no workaround.
•CSCin82623
Symptoms: The SAR may crash and PVCs may become stuck on PA-A3 and PA-A6 port adapters.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with PA-A3 and PA-A6 port adapters.
Workaround: There is no workaround. To recover from the symptoms, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on interfaces of the affected port adapters.
Further Problem Description: The fix for this caveat provides an autorecovery mechanism that enables a router to recover from the symptoms without any manual intervention. This autorecovery mechanism is disabled by default and can be enabled via the sar atm-port-name enable command.
IP Routing Protocols
•CSCed90943
Symptoms: EIGRP may crash unexpectedly.
Conditions: This symptom is observed after a Nonstop Forwarding (NSF) restart.
Workaround: Disable EIGRP NSF.
•CSCed93710
Symptoms: NAT is causing some TCP packets to be punted up to process switching. This causes those process switched packets to go through the router slower than the rest of the TCP packets that go through in the fast path. These out-of-order packets are causing this stream to be stopped by the firewall because the firewall thinks these are SYN attack packets instead of a valid TCP stream.
Conditions: If there is enough latency in the Internet then there will be a big enough gap between the packets not to cause this problem. But if you have a fast connection to the Internet this timing issue could arise.
Workaround: Either disable NAT or disable CEF and the ip route-cache command.
•CSCee36622
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1. The ABR (call ABR X) has at least one non-backbone area (call area X) in common with one or more additional ABRs.
2. The ABRs are generating summary LSAs, on behalf of the Area X's two or more intra-area routes, into the backbone area and other areas. The two intra-area routes must be advertised as stub links from two different routers; i.e., one from ABR X, and the other from another router belonging to Area X.
3. The summary LSA IDs for the intra-area routes above, when ORed with the host bits of the corresponding masks, yield identical LSA IDs.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255
Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
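The LSA ID collision described in CSCee36622 can be checked for any set of prefixes rather than only the two in the caveat text. The following is an added example (not Cisco code and not part of the original release note): it computes each prefix's network address ORed with the host bits of its mask, exactly as the caveat does by hand, and reports groups of prefixes whose results coincide. The helper names are assumptions of this example.

```python
"""Detect summary-LSA Link State ID collisions among intra-area prefixes.

Added example, not Cisco's code. A collision here means two prefixes whose
network address ORed with the host bits of the mask give the same value,
which is the condition CSCee36622 describes for ABRs sharing a non-backbone
area.
"""
import ipaddress
from collections import defaultdict


def lsa_id_with_host_bits(prefix: str) -> str:
    """Return the network address logically ORed with the host bits of the mask.

    10.10.10.128/25 -> 10.10.10.255 and 10.10.10.0/24 -> 10.10.10.255, the
    two values compared in the caveat text.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    ored = int(net.network_address) | int(net.hostmask)
    return str(ipaddress.ip_address(ored))


def find_lsa_id_collisions(prefixes):
    """Group prefixes by their ORed LSA ID; keep only groups with more than one member.

    Returns a dict mapping the shared LSA ID to the sorted list of prefixes.
    """
    groups = defaultdict(list)
    for prefix in prefixes:
        groups[lsa_id_with_host_bits(prefix)].append(prefix)
    return {lsa_id: sorted(members) for lsa_id, members in groups.items()
            if len(members) > 1}


if __name__ == "__main__":
    # Constructed sample: the caveat's two prefixes plus one unrelated prefix.
    sample = ["10.10.10.128/25", "10.10.10.0/24", "192.168.1.0/24"]
    for lsa_id, members in find_lsa_id_collisions(sample).items():
        print(f"LSA ID {lsa_id} shared by: {', '.join(members)}")
```

Running the check over the intra-area routes of an area before enabling a second ABR tells you whether the condition in step 3 above can arise at all; if it reports no collisions, this caveat does not apply to that area.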
•CSCee70840
Symptoms: In a DMVPN deployment, hubs may lose IPSec tunnel mapping, crypto socket mapping, and NHRP mapping between themselves.
Conditions: This symptom is observed when the hubs are daisy-chained and there are spokes that are behind NAT (using NAT-T) in the DMVPN network.
Workaround: There is no workaround.
•CSCee85676
Symptoms: When VPNv4 route advertisements are received after BGP has converged, the existing path is updated but the paths imported from the original path are not updated accordingly.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the maximum-paths number-of-paths import number-of-paths command is enabled. The symptom occurs when the path attributes are changed dynamically instead of the path being completely withdrawn and readvertised.
Workaround: Withdraw the prefix from the remote PE router and then readvertise the prefix.
•CSCee87428
Symptoms: NAT may remove one byte from the "Entering passive mode" response from the server. This situation prevents some browsers from opening the data session.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(7)T or a later release, or Release 12.3.
Workaround: There is no workaround.
•CSCee88542
Symptoms: A Cisco router may reload unexpectedly when you enter the show ip msdp peer command.
Conditions: This symptom is observed when the MSDP session flaps while you enter the show ip msdp peer command.
Workaround: There is no workaround.
•CSCef01993
Symptoms: A router may crash while sending OSPF updates.
Conditions: This symptom is observed under low memory conditions during a stress test.
Workaround: There is no workaround.
•CSCef05502
Symptoms: Network Address Translation (NAT) incorrectly resets the TTL of DNS Dynamic Update (RFC2136) Address Records (A-RR) to zero. This situation impacts updates that are sent within the Microsoft Active Directory (AD) system because the AD server refuses A-RR updates that have a TTL of zero.
Conditions: This symptom is observed only for A-RR record types. Record types other than A-RR are not affected.
Workaround: There is no workaround.
•CSCef13633
Symptoms: A SIP "contact" header may be incomplete.
Conditions: This symptom is observed when NAT is configured on a Cisco SOHO 91 router that runs Cisco IOS Release 12.3(8)T.
Workaround: Do not use NAT.
•CSCef16578
Symptoms: There may be no IP connectivity, and an ARP entry for a translated address is missing.
Conditions: This symptom is observed after stateful NAT active router restoration.
Workaround: Enter the clear ip nat translation * command to restore IP connectivity.
•CSCef72736
Symptoms: Spurious memory accesses may occur on a router that has ARP configured.
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3640, Cisco 3631, and Cisco 7200 series when bridging is enabled.
Workaround: There is no workaround.
•CSCef77648
Symptoms: The CPU utilization may increase gradually, packets may drop, and the routing protocol on a DMVPN network may become unstable. This situation may also affect the physical network.
Conditions: This symptom is observed on a Cisco router that is the hub for a DMVPN network and that runs Cisco IOS interim Release 12.3(9.11), 12.3(9.11)T, or a later release. The symptom occurs because the NHRP list of tunnel destinations for multicast packets increases gradually. Each spoke router (that is, tunnel destination) is included in this list multiple times and the number of entries per spoke router increase over time. You can test whether or not this situation is occurring by doing the following:
If you are running EIGRP, OSPF, or RIP over the DMVPN network, ping address 224.0.0.10 for EIGRP, address 224.0.0.5 for OSPF, or address 224.0.0.9 for RIP. If you receive more than one ping reply per spoke router, the spoke router is listed more than once in the NHRP multicast list.
Workaround: Configure static neighbors that use unicast and a passive interface on the mGRE tunnel under the routing protocol configuration and remove the ip nhrp map multicast dynamic command from the tunnel configuration.
Note that this caveat does not occur in Release 12.3(9.10), 12.3(9.10)T, and earlier releases.
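The ping test above is easy to misread on a hub with many spokes. The following is an added example (not Cisco code and not part of the original release note) that parses the reply lines of a multicast ping and reports which spokes answered more than once per request, which is the symptom of the duplicated NHRP multicast entries. The sample output is constructed for this example, and the function names are assumptions.

```python
"""Count multicast ping replies per spoke to spot duplicated NHRP multicast entries.

Added example, not Cisco's code. The reply-line format follows the usual
IOS "Reply to request N from <address>, <n> ms" output; the sample below is
constructed and does not come from the caveat.
"""
import re
from collections import Counter

# Constructed sample: one echo request sent to the EIGRP group; spoke
# 10.0.0.2 answers three times, which indicates three NHRP multicast entries.
SAMPLE_PING_OUTPUT = """\
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.10, timeout is 2 seconds:

Reply to request 0 from 10.0.0.2, 4 ms
Reply to request 0 from 10.0.0.2, 4 ms
Reply to request 0 from 10.0.0.3, 8 ms
Reply to request 0 from 10.0.0.2, 8 ms
"""

REPLY_RE = re.compile(r"^Reply to request (\d+) from ([0-9.]+), ")


def replies_per_spoke(output: str) -> dict:
    """Return {spoke address: number of reply lines} parsed from ping output."""
    counts = Counter()
    for line in output.splitlines():
        match = REPLY_RE.match(line.strip())
        if match:
            counts[match.group(2)] += 1
    return dict(counts)


def duplicated_spokes(output: str, requests_sent: int = 1) -> list:
    """Spokes that replied more often than the number of requests sent.

    Each extra reply corresponds to an extra entry for that spoke in the NHRP
    multicast list, the condition this caveat describes.
    """
    return sorted(spoke for spoke, n in replies_per_spoke(output).items()
                  if n > requests_sent)


if __name__ == "__main__":
    print("replies per spoke:", replies_per_spoke(SAMPLE_PING_OUTPUT))
    print("spokes listed more than once:", duplicated_spokes(SAMPLE_PING_OUTPUT))
```

Pass the number of echo requests you actually sent as requests_sent (the default IOS ping sends five), so that a spoke answering once per request is not flagged.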
•CSCef84393
Symptoms: SIP- and H.323-related registration pin holes time out incorrectly.
Conditions: This symptom is observed in a NAT Overload configuration.
Workaround: There is no workaround.
ISO CLNS
•CSCef08044
Symptoms: The no clns route-cache command is present in the running configuration for all types of interfaces even if an interface does not have CLNS enabled.
Conditions: This symptom is observed after you boot the router.
Workaround: There is no workaround.
•CSCef63090
Symptoms: When you enter the show ip route command, the router may reload because of a chunk memory corruption.
Conditions: This symptom is observed when the router is configured for IS-IS and includes the following configuration:
router isis area-tag display-route-detail
Workaround: There is no workaround.
Miscellaneous
•CSCdt36569
Symptoms: Output may be stuck on some member links of a multilink bundle that is flapped under heavy traffic.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround.
•CSCdt38138
Symptoms: A Cisco 7200 series that is configured for IPSec may reboot with a bus error.
Conditions: This symptom is observed under rare circumstances when a race condition occurs.
Possible Workaround: Reload the router.
•CSCdy75371
Symptoms: If one router (router A) is configured as the source for a segment or end CC cells, then a router at the other end (router B) becomes the sink for segment or end CC cells. If router B does not receive segment or end CC cells, the corresponding PVC state does not go to DOWN.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•CSCea87915
Symptoms: A standby Gigabit Route Processor (GRP) that runs Cisco IOS Release 12.0(26)S may reload after a Stateful Switchover (SSO) to bring up the standby GRP has occurred.
Conditions: This symptom is observed on a Cisco 12000 series in which a 4-port Gigabit Ethernet IP Services Engine (ISE) line card is installed that is configured for IP version 6 (IPv6) multicast and that has 1000 subinterfaces, each configured to forward traffic to a different IPv6 multicast group.
Workaround: There is no workaround.
•CSCeb31767
Symptoms: A flash disk or compact flash disks may not be recognized.
Conditions: This symptom is observed when a new flash disk or compact flash disk (that has not been formatted earlier on a platform that runs Microsoft Windows 95 or 98) is formatted on a platform that runs Microsoft Windows 2000.
Workaround: There is no workaround.
•CSCec63011
Symptoms: A router may reload because of an NVRAM corruption.
Conditions: This symptom is observed when NVRAM is accessed simultaneously by two processes, when one of the processes has a file open, and when the second process attempts to open a nonexistent file. The error handling for the second process clears the global NVRAM pointer that is used by the first process. This situation is more likely to occur in a configuration with redundant Route Processors (RPs) but may also occur in a configuration with a single RP when two terminal windows are open.
Workaround: There is no workaround.
•CSCed02844
Symptoms: IPv6 adjacencies may appear as incomplete, and connectivity may be broken. This situation occurs at random times and is not associated with any event in particular. IPv4 adjacencies may appear as incomplete but recover within a minute.
Conditions: This symptom is observed on a Cisco IOS-based router when you enter the clear adjacency command.
Workaround: To restore the correct state of the adjacency, enter the shutdown command followed by the no shutdown command on the affected interface.
•CSCed62240
Symptoms: Some modem connections are not properly released, causing new calls to fail and the answer seizure rate (ASR) to drop.
Conditions: This symptom is observed when running a dial solution with call control and MGCP.
Running snooper shows that setup attempts fail with a "Release in progress" and a "5xx" return to the PGW.
On the gateway, the output of the show mgcp connection shows that there is an active connection on the gateway:
158. S2/DS1-7/3 C=661CA,363,364 I=0xC9 P=21476,0 M=2 S=4,4 CO=1 E=1,0,0,1 R=0,0
When you check the XCSP ports by entering the show xcsp port slot port command, the resource is in the "Release in progress" state:
as5850-001#show xcsp port 2 7
Slot 2 configured
Number of ports configured=9 slot state= Up
===================================================
Port 7 State= Up type = 5850 24-port E1 active_calls=0
Channel states
0 Idle
1 Idle
2 In Release in progress
3 Idle
Workaround: There is no workaround.
•CSCed70198
Symptom: The line protocol may go down.
Conditions: This symptom is observed when Frame Relay fragmentation is enabled on the main interface.
Workaround: There is no workaround.
•CSCed85535
Symptoms: A Cisco router reloads during a CBQoSMIB regression test.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3 or interim Release 12.3(7.4)T. The symptom may be platform-independent.
Workaround: There is no workaround.
•CSCed93593
Symptoms: The cisco.mgmt.cns.config-changed event message contains invalid changeItem information.
Example: for: (config)#policy-map TEST2
(config-pmap)#class m_new
(config-pmap-c)#shape peak 8010
(config-pmap-c)#priority
(config-pmap-c)#exit
(config-pmap)#desc TESTTEST
(config-pmap)#exit
The 4th changeItem is: Context: <empty>
EnteredCmd: exit
NewConfig#: <empty>
OldConfig#:
!
MyPolicy
test
TEST2
description TESTTEST
class m_new
shape peak 8010
priority
The above-mentioned changeItem information is incorrect.
Conditions: This may occur when the CNS configuration notify agent is configured by the cns config notify command and a policy-map CLI is configured on the Cisco IOS device.
Workaround: There is no workaround.
•CSCed94865
Symptoms: A router reloads when receiving IPX packets.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) and that is configured for IPX networking. The router may reload after named ACLs have been displayed.
Workaround: There is no workaround.
•CSCee01688
Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.
Workaround: There is no workaround.
•CSCee03464
Symptoms: The SSRC parameter for an RTP packet with a dynamic payload type may be set to zero.
Conditions: This symptom is observed on an IP-IP gateway when the incoming call leg is bridged to the outgoing call leg.
Workaround: There is no workaround.
•CSCee11436
Symptoms: A DSP module may enter a bad state after configuring a DS0 group over E1 or T1 with an FXS Loop Start signal. If a voice call goes into the DSP that is in this state, the call fails.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3T.
Workaround: There is no workaround.
•CSCee12172
Symptoms: Although traffic passes through the BRI port, the B1 and B2 LEDs do not light.
Conditions: This symptom is observed on a Cisco 3640 that runs Cisco IOS Release 12.3(1a) and that has a WIC-1B-S/T installed in an NM-2FE-2W in slot 0 after the router has been powered off and on. The symptom may also occur on a Cisco 3620 in the same configuration.
Workaround: Enter the clear interface bri0/0 command to enable the LEDs to function properly.
•CSCee16544
Symptoms: When you use VXML scripts to play WAV files with TTS as an alternative prompt, the WAV files may play at a faster speed than they should.
Conditions: This symptom is observed when you play g711aLaw WAV files with TTS as an alternate prompt.
Workaround: Convert the WAV files to the g711uLaw format.
Alternate Workaround: Play the WAV files as prompts without TTS as an alternative prompt.
•CSCee18125
Symptoms: A Cisco 831 may crash with a SegV exception when you apply an EZVPN configuration to more than three inside interfaces and try to establish an EZVPN session.
Conditions: This symptom is observed on a Cisco 831 that runs the c831-k9o3y6-mz image of Cisco IOS Release 12.3(2)XE. The symptom may also occur in Release 12.3 or 12.3 T.
Workaround: Do not apply the EZVPN configuration to more than three inside interfaces.
•CSCee19222
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•CSCee19691
Symptoms: A Cisco router may crash when you enter the clear ip route * command multiple times.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3 and that is configured for RIP.
Workaround: There is no workaround.
•CSCee22810
Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.
Workaround: There is no workaround.
•CSCee23781
Symptoms: A Cisco AS5850 does not fragment data packets.
Conditions: This symptom is observed when data packets enter the Cisco AS5850 through async (modem) interfaces and when the MTU on the egress Gigabit Ethernet interface is smaller than the ingress MTU or when L2F encapsulation overhead requires fragmentation. Async PPP sessions forwarded via L2TP are not affected by this problem.
Workaround: Increase the Gigabit Ethernet MTU to avoid fragmentation.
•CSCee27238
Symptoms: An extended TAG interface (XTagATM) can remain down and does not recover. Entering the clear interface command from the label switch controller (LSC) for the XTagATM interface, or switching to a redundant MGX line card (AXSM or RPM-XF) that has the switchredcd command enabled, or switching the MGX controller cards that have the switchcc command enabled does not recover the XTagATM interface.
When the problem occurs, an error message similar to the following one is seen:
%VSI_M-2-XCONNFAIL: Cross-connect 12.1/0/631 <-> 4:1.5:5/0/32 failed unexpectedly
The output of the debug vsi errors command on the LSC shows that the control-VC connection commit is acknowledged with a cause code of 12 because there is a dangling connection in the PXM-45.
Conditions: This symptom is observed on an MGX when there are controller cards and/or line cards switching over.
Workaround: There is no workaround.
•CSCee27674
Symptoms: Dynamic prefixes do not get updated by the gateway to the gatekeeper on reregistration due to failover.
Conditions: This has been observed when the gatekeepers are used as an HSRP pair with identical configurations for redundancy and when the gateway tries to re-register with an alternate gatekeeper or stand-by gatekeeper when the primary gatekeeper goes down or becomes unavailable.
Workaround: Manually shut the gatekeeper, or manually unregister the gateway and reregister. The URQ from the gatekeeper is needed.
•CSCee29919
Symptoms: A VoIP gateway may send an incorrect cause code.
Conditions: This symptom is observed under rare circumstances when the VoIP gateway that is connected to the PSTN and that uses R2 signaling seizes the channel and sends a seizure to the PSTN. The PSTN does not respond, and after 5 seconds, the gateway clears the call via a normal disconnect message. This situation causes the CCM to drop the call right away. The gateway should not send a normal disconnect message.
Workaround: There is no workaround.
•CSCee30116
Symptoms: CNS config notify events may stop coming.
Conditions: This symptom is observed when the cns config notify diff command is enabled and when other CNS configuration agents are configured.
Workaround: Enter the no cns config notify command followed by the cns config notify diff command.
•CSCee30390
Symptoms: An "error.semantic" error may occur in an external or internal ECMA script.
Conditions: This symptom is observed when there is an "\n" character in a string in the script.
Workaround: Replace the "\n" character with an "\x0a" character.
•CSCee34422
Symptoms: When the second backup Cisco CallManager (CCM) is down during active load testing, none of the active calls can be sustained.
Conditions: This symptom is observed in a configuration with a cluster of three CCMs: a primary CCM, a first backup CCM, and a second backup CCM. The CCMs run the wscmm-i6s-mz.cmm image of CCM version: 4.0(1).
Workaround: There is no workaround.
•CSCee37430
Symptoms: MPLS-to-IP traffic may not recover after a manual RP switchover in SSO mode.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(29)S and occurs only for prefixes that have static routes configured.
Workaround: Enter the clear ip route network EXEC command in which the network argument is the network or subnet address for which forwarding no longer functions after the manual RP switchover.
Note that the fix for this caveat is integrated in Cisco IOS interim Release 12.3(11.7) and interim Release 12.3(11.7)T.
•CSCee55640
Symptoms: A router may reload if the CNS configuration agent is used to configure a new logical interface on the router.
Conditions: This symptom is observed when syntax check is enabled in the XML message.
Workaround: Disable the syntax check while configuring new interfaces on the router.
•CSCee56098
Symptoms: After running traffic for 24 to 36 hours on an ATM subinterface, tracebacks occur, and the ATM interface and all ATM subinterfaces on the same network module stop sending traffic although the ATM interface is still in the "up/up" state. A ping fails on the interface and the EIGRP neighbor may also be lost. OAM functionality is not affected.
The ATM SAR reports many CRC errors, length violations, and timeout errors. The framer does not report any physical level problems.
Conditions: These symptoms are observed on a Cisco 2600 series that is configured with an ATM network module after running traffic for 24 to 36 hours on the ATM subinterface.
Temporary Workaround: Reset the router until the symptoms occur again after 24 to 36 hours.
•CSCee56976
Symptoms: RIP non-direct neighbor functionality does not work.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•CSCee64907
Symptoms: Distributed IPv6 CEF may stop functioning.
Conditions: This symptom is observed when you enter the ipv6 cef distributed command.
Workaround: Enter the clear ipv6 route * command.
•CSCee67450
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a malformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable, such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•CSCee70591
Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•CSCee72213
Symptoms: When a WIC-xAM fails during a call, the output of the show modem command shows that the connection is active even though the connection is dropped by the remote side.
Conditions: This symptom is observed on a Cisco 2600 series, 3600 series, and 3700 series that are configured with a WIC-xAM (that is, a 1- or 2-port analog modem).
Workaround: Enter the clear modem command to reset the WIC-xAM.
•CSCee74903
Symptoms: You can configure the idle-character marks command on a WIC-1T with a GT96K serial chipset in the chassis of a Cisco 3725 or Cisco 3745, but the behavior of the line during idle periods is not affected.
Conditions: This symptom is observed on a Cisco 3725 or Cisco 3745 that functions in a STUN or DLSw environment and that is the secondary SDLC device to a third-party vendor server. The Cisco 3725 or Cisco 3745 is configured for several polling addresses (multi-dropped). When one device is unresponsive, the line times out even when the idle-character marks command is configured on the WIC-1T serial interface.
Workaround: Use an NM-4A/S instead of the chassis WIC slots. The NM-4A/S uses the same serial cables as the WIC-1T.
•CSCee75225
Symptoms: High CPU utilization may cause interfaces to flap, and the following spurious memory access messages may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x603C2724 reading 0x194
%ALIGN-3-TRACE: -Traceback= 603C2724 601D2888 601D40B4 00000000 00000000 00000000 00000000 00000000
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S when you enter the clear cef linecard command.
Workaround: There is no workaround.
•CSCee78118
Symptoms: A line card or port adapter may crash on an MPLS VPN PE router when the customer-facing interfaces are flapped.
Conditions: This symptom is observed when any of the following conditions are present:
–eBGP is used as the routing protocol between the PE and CE router, the CE router has the redistribute connected command enabled in the BGP configuration, and there are multiple eBGP sessions between the PE and CE router.
–The connected route for the link between the CE and PE router is learned from another PE router via MP-iBGP. For example, the CE router may be dual-homed and may advertise the connected routes to both PE routers.
The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: Avoid the above-mentioned conditions. For example, avoid the redistribute connected command in the BGP configuration of the CE router.
•CSCee79688
Symptoms: When you boot a router, VBR-NRT configurations are lost. For example, when MBS is 32 and you boot the router, the VBR-NRT command in the startup configuration is not parsed to the running configuration:
vbr-nrt 1000 1000 32
^
% Invalid input detected at '^' marker.
The following example is a configuration before the symptom occurs:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
vbr-nrt 1000 1000 32
!
After you boot the router, the configuration is as follows:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
!
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(4.4) or a later release under the following conditions:
–An ATM PVC VBR-NRT is configured.
–The PCR is identical to the SCR.
–The MBS is larger than 1.
Note that the symptom does not affect old-style PVCs.
Workaround: Reconfigure the PVC to the same PCR and SCR value and configure the MBS value to "1".
•CSCee81486
Symptoms: A Cisco router that is configured with a VAM2+ may crash after operating under stress for a while.
Conditions: This symptom is observed when there are 500 tunnels configured between the router and a peer and when continuous bidirectional traffic of 64-byte packets is sent at a rate of 17000 pps.
Workaround: There is no workaround. Note that the symptom is not observed on a VAM2.
•CSCee84732
Symptoms: The CPU utilization of a router that is configured for Multiprotocol Label Switching (MPLS) may temporarily increase to 80 or 90 percent when a peer router is reloaded or when an interface with a large number of numbered subinterfaces is administratively enabled.
Conditions: The symptom is observed in a rare situation when label distribution protocol (LDP) is used in configurations with a very large number of numbered interfaces. When this problem occurs, the output of the show process cpu sorted command shows that the "Tagcon Addr" process consumes the majority of the CPU cycles.
Workaround: There is no workaround.
•CSCee85985
Symptoms: A spurious memory access may occur on a Cisco 3631, or the router may reload, or both may occur.
Conditions: These symptoms are observed on a Cisco 3661 when you bring up a BRI interface that has the isdn switch-type basic-ni command enabled and you enter the show c3600 command or the show platform command.
Workaround: Do not enter the show c3600 command or the show platform command when an ISDN interface is configured.
•CSCee86692
Symptoms: A Cisco platform that is configured for IPSec may crash under a heavy load.
Conditions: This symptom is observed when the router is configured for IKE Dead Peer Detection (DPD).
Workaround: Disable DPD by entering the no crypto isakmp keepalive command.
•CSCee86812
Symptoms: I/O memory may be depleted on a router and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco router that is configured with an AIM-VPN/HPII module and an NM-16-ESW or an NMD-36ESW network module when QoS preclassification is enabled.
Workaround: There is no workaround.
•CSCee86867
Symptoms: A Cisco router that has a Calling Switching Module (CSM) may reload unexpectedly with a bus error exception.
Conditions: This symptom is observed in Cisco IOS Release 12.3 T but may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee87572
Symptoms: After creating E1 circuits such as 3/7/1 and 3/7/2, counters under 3/7/1 and 3/7/2 may hang the next day.
Conditions: This symptom is observed on a PA-MC-STM-1SMI that is installed in a Cisco 7200 series.
Workaround: There is no workaround.
•CSCee87900
Symptoms: After a Cisco 7301 has crashed because of a parity error, the router may reload continuously with a "signal=10" bus error.
Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(6a) but may also occur in other releases.
Workaround: There is no workaround.
Further Problem Description: This problem can affect any platform that uses create-on-demand ATM VCs, also known as Auto VCs.
•CSCee91140
Symptoms: There is a dial-peer port conflict when a T1 and an analog port have a similar port address.
Conditions: This symptom is observed when a CCM sets up MGCP dial peers for a NM-HDV2 that is configured with two T1 ports and two FXS ports in the VWIC slot. The CCM creates the same MGCP dial peer (with the same port address) for both the T1 controller and the FXS port, causing one of the two ports to fail to register with the CCM.
Workaround: There is no workaround. The second analog port cannot be used.
•CSCee92010
Symptoms: A software-forced reload may occur on a Cisco 7200 series.
Conditions: This symptom is observed when the Cisco 7200 series functions as a voice gatekeeper.
Workaround: There is no workaround.
•CSCee93228
Symptoms: Under certain unknown circumstances, a traceroute may trigger a process watchdog.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S2. However, the problem is not specific to a Cisco 12000 series or to Cisco IOS Release 12.0S and may occur on other platforms and in Release 12.2T and Release 12.3.
Workaround: There is no workaround.
•CSCef01518
Symptoms: There are several symptoms:
–One link of an MLP multilink bundle may remain unused.
–If two links are bundled in an MLP bundle, only a fragment is sent on one link and lost fragmentation occurs at the receiving side.
–If only one link is bundled in an MLP bundle, no frame is sent on that link.
Conditions: These symptoms are observed when the number of links in the MLP multilink bundle changes. For example, when the bundle has two links (BRI0:1 and BRI0:2) and you disconnect one link or when the bundle has one link and you add another link.
Workaround: Enter the clear interface BRI EXEC command.
•CSCef01537
Symptoms: A VIP may reload because of a bus error when a corrupted FIBIDB is used unchecked by the router.
Conditions: This symptom is observed rarely on a Cisco 7500 series when MQC is configured.
Workaround: Disable the MQC configuration.
•CSCef02388
Symptoms: A VAM2+ may fail to complete initialization.
Conditions: This symptom is observed when you use a 2-Mb flash device and when you use an HSP version earlier than version 3.1.3.
Workaround: Use a validated 1-Mb flash device or use a VAM2.
•CSCef03782
Symptoms: DS0 channels may hang on a Cisco AS5400.
Conditions: This symptom is observed after running a VXML stress test for several hours.
Workaround: There is no workaround. To recover the channel, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the affected controller.
•CSCef04065
Symptoms: When a blind transfer is initiated, the originating party does not hear a ringback.
Conditions: This symptom is observed when an IVR script on a gateway processes an incoming PSTN call, including prompting for a destination number. Once the call is established with the destination, the destination party transfers the originating party to another destination. During this transfer, the originating party should hear the ringback for the new destination.
Workaround: There is no workaround.
•CSCef04072
Symptoms: A learned RIP default route from a next hop router may not be removed from the routing table when the next hop router goes down.
Conditions: This symptom is observed only on a router that is running both EIGRP and RIP simultaneously. The problem is seen on Cisco IOS Release 12.1 and Release 12.2 mainline, but it may affect other releases.
Workaround: There is no workaround.
•CSCef05857
Symptoms: Cache error reporting does not function for SiByte processors, and messages similar to the following misleading error messages are displayed on the console:
Invalid CPU type 1 Address: 0x00000000 not in TLB
Conditions: This symptom is observed when an L2 cache error occurs on an Sibyte processor such as an NPE-G1.
Workaround: There is no workaround.
•CSCef06881
Symptoms: The first command that you enter on an ATA file system may take a long time to execute.
Conditions: This symptom is observed when there are many (more than 3000) files stored in a complex directory and subdirectory structure on the disk.
Workaround: Do not store so many files on the disk.
•CSCef07948
Symptoms: A Cisco platform may run out of IDBs, preventing users from connecting to new SSG L2TP tunnel services.
Conditions: This symptom is observed when multiple users simultaneously log on to and log off from SSG L2TP tunnel services.
Workaround: Clear the unused virtual-access interfaces with the clear interface Virtual-Access EXEC command.
Further Problem Description: This problem is observed when the number of virtual-access interfaces that are in use increases, which can be seen in the output of show vtemplate EXEC command. The old virtual-access interfaces that have not been cleared show a large idle time, which can be seen in the output of the show user EXEC command.
•CSCef11195
Symptoms: A Cisco router in which MIPS microprocessors are installed may reload unexpectedly.
Conditions: This symptom is observed when the router either runs low on memory or attempts to allocate a large amount of memory.
Workaround: There is no workaround.
•CSCef12409
Symptoms: A router may crash when you enter the show template command.
Conditions: This symptom is observed on a Cisco router that has PPP sessions configured.
Workaround: There is no workaround.
•CSCef13818
Symptoms: A VIP reloads after you enter the ip cef command on the router.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(6b) when IPSec is already enabled and a GRE tunnel is already configured before you enter the ip cef command.
Workaround: There is no workaround.
•CSCef14548
Symptoms: A Cisco router accepts an incoming plaintext packet that matches the crypto map that is applied to an interface. The packet should be rejected because it should have been encrypted.
Conditions: This symptom is observed when all the following conditions occur:
–The interface is a serial subinterface.
–The interface has both fast switching and CEF switching disabled.
–The outgoing interface for the packet has fast switching or CEF switching enabled.
Workaround: Ensure that all interfaces have fast switching and CEF switching either enabled or disabled.
•CSCef14999
Symptoms: IP SNMP CPU utilization increases to 99 percent when you query for SNASw and DLSw via the mib-2.34.4.1 OID. The CPU utilization of the router goes to 99 percent with about 75 percent in use by the SNASw process.
When you stop the snmpwalk process, the CPU utilization of the router remains high, and SNASw functionality is affected. When you enter the snasw stop command followed by the snasw start command, SNASw functionality is restored, but after you enter the snasw stop command, error messages similar to the following ones are generated:
%SNASW-3-MIBQueryFailure: Query Mode failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS Node Row failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS Node Row failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS Node Row failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS Node Row failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS Node Row failed. NOF primary rc=4F0 secondary rc=0.
%SNASW-3-MIBQueryFailure: Query COS TG Row failed. NOF primary rc=4F0
Conditions: These symptoms are observed on a Cisco 7204VXR that runs Cisco IOS Release 12.3(9) but could occur on any platform that is configured for SNASw.
Workaround: Stop all DLUR LU-LU sessions, or stop SNASwitch completely.
•CSCef16267
Symptoms: The CPU utilization of a spoke router in a DMVPN network may reach 99 percent, causing the spoke router to become unstable.
Conditions: This symptom is observed right after the DMVPN tunnels come up.
Workaround: There is no workaround.
•CSCef16997
Symptoms: An I/O memory leak occurs when BSTUN is configured and an interrupt without any data is received.
Conditions: This symptom is observed on a Cisco 2600 series that is configured with a WIC-2A/S.
Workaround: There is no workaround.
•CSCef17778
Symptoms: When a multilink member link joins or leaves the multilink bundle, a router may crash.
Conditions: This symptom is observed when service policies are configured on the multilink bundle.
Workaround: There is no workaround.
•CSCef17891
Symptoms: A Cisco 7500 series that is configured for Distributed Link Fragmentation and Interleaving (DLFI) may cause delays.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a multilink interface after the router is reloaded.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface.
•CSCef18546
Symptoms: During a voice prompt playout to a PSTN call leg, some voice packets may be unexpectedly skipped.
Conditions: This symptom is observed when multiple voice prompt tags are placed very close together.
Workaround: Add some silence, for example 200 msec, to the beginning of the prompt files as a buffer. Doing so should alleviate the problem, but is not guaranteed to be a reliable workaround.
•CSCef21720
Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.
Workaround: There is no workaround.
•CSCef22069
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•CSCef22936
Symptoms: The following commands may fail on some Cisco platforms when the inventory keyword is included in the command:
–cns config initial
–cns config partial
–cns config retrieve
Conditions: This symptom is observed when the name of the card that is installed in the Cisco platform includes at least one of the following characters:
–&
–<
–>
–"
–'
One example is the "2nd generation - E&M Voice daughter card (2 port)" card, which includes the "&" character in its name. The output of the show diag command shows the name of the card.
The symptom is known to occur on the following cards, but this list is not complete:
–VIC2-2E/M
–VWIC-1MFT-E1-DI
–VWIC-2MFT-E1-DI
–VWIC-1MFT-T1-D1
–VWIC-2MFT-T1-D1
Workaround: There is no workaround.
•CSCef24063
Symptoms: A memory leak may occur on a voice gateway that is configured for SIP.
Conditions: This symptom is observed on a Cisco platform that functions as a voice gateway. The symptom occurs when the voice gateway originates a SIP call that uses UDP, when the "200 OK" response to an "Invite" message is retransmitted more than three times, and when an "ACK" message is sent in response to the "200 OK" response.
Workaround: Use TCP as the transport type.
•CSCef24539
Symptoms: CLID does not work when calling a long distance number (11 digits) but it does work when calling a local number (7 digits). When dialing a long distance number, the call still completes but the phone displays the Unity port number instead of the CLID.
Conditions: This symptom is observed when you use a VIC2-2FXO or VIC2-4FXO.
Workaround: There is no workaround.
•CSCef25881
Symptoms: A router that functions as a DHCP relay agent may drop DHCP packets that contain option 220. A client may not be able to receive an IP address. The following error message is displayed when the debug ip dhcp server packet command is enabled:
DHCPD: nonhierarchical subnet allocation is not supported in this image.
Conditions: These symptoms are observed when option 220 is used differently by some DHCP clients and servers. (Option 220 is not yet standardized). A Cisco IOS DHCP server or relay agent uses option 220 as a subnet allocation option. This situation may cause problems for certain DHCP clients and servers that use a proprietary option 220 in DHCP packets; such packets may be dropped by a Cisco IOS DHCP server or relay agent.
Workaround: There is no workaround.
•CSCef26053
Symptoms: Load-balancing does not work over a BGP multipath. Some of the traffic may be forwarded correctly while other traffic may be forwarded unlabeled into the MPLS core.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the following conditions are present:
–The affected route is in a VRF.
–One of the paths is learned from a CE router via an eBGP multihop session.
–The eBGP multihop peer (that is, the CE router) is reachable through the MPLS core and the BGP session does not involve a label exchange.
Workaround: Avoid a multihop eBGP session in which the CE router is reachable through the MPLS core. For example, instead of a configuration in which the CE router connects to the PE router across the MPLS core, configure the CE peer to connect to a local PE router that redistributes the routes it has learned from the CE peer to other PE routers. (The local PE router may need to be configured for eiBGP multipath.)
•CSCef26370
Symptoms: When you copy a Cisco IOS image or any other file to a PC flash card via TFTP, a very high rate of out-of-sequence packets occurs, which can be seen in the "!0!00!0!00!0!0..." output of the copy tftp slot-number command.
The image or file is copied over successfully to the PC flash card, but it takes about three times longer than usual.
Conditions: This symptom is observed on a Cisco platform that has a processor that runs at a low speed.
Workaround: If the file is small, it may be copied to bootflash. There is no other workaround.
•CSCef26431
Symptoms: Voice ports of a VIC-2E/M are stuck in "S_OPEN_PEND" state. When you enter the shutdown command followed by the no shutdown command on an affected voice port, the following message is displayed:
%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on recEive And transMit 2/0/0. Msg id=26,Len=8^Z
Conditions: This symptom is observed intermittently on a Cisco 3745 that runs Cisco IOS Release 12.3(9) and that functions as a gateway.
Workaround: Reload the Cisco gateway.
•CSCef26740
Symptoms: A Cisco 3700 series crashes when voice calls are made from an FXS to an ISDN PRI.
Conditions: This symptom is observed on a Cisco 3700 series that runs Cisco IOS Release 12.3(9) but may be platform-independent.
Workaround: There is no workaround.
•CSCef26840
Symptoms: A router may hang when a tunnel interface is reconfigured for Next Hop Resolution Protocol (NHRP).
Conditions: This symptom is observed on a router that is configured with an IPSec tunnel after the existing tunnel interface is removed and re-applied. The symptom does not occur when the tunnel interface is configured for the first time.
Workaround: There is no workaround.
•CSCef26926
Symptoms: A Cisco Catalyst 6000 switch or a Cisco 7600 series may reload with CPU signal 10 because of a race condition.
Conditions: This symptom is observed when the platform is configured with a VPN-SM ACE blade, has IPSec features enabled, and functions under a stress load.
Workaround: There is no workaround.
•CSCef28105
Symptoms: When you enter the shutdown command followed by the no shutdown command on an ATM interface, the source address in the ACL changes automatically, causing an IPSec connection between two routers to fail.
The following is an example of an ACL change that may occur:
ip access-list extended acl1
permit ip any host a.b.c.d
permit ip any w.x.y.z 0.0.0.63 <--- this statement is changed to
ip access-list extended acl1
permit ip any host a.b.c.d
permit ip host 0.0.0.0 w.x.y.z 0.0.0.63 <--- this statement
Conditions: This symptom is observed on a Cisco 7206 VXR router that runs the c7200-ik2s-mz image of Cisco IOS Release 12.1(19)E3 or Release 12.3.
Workaround: Manually change the ACL statement back to the original configuration.
•CSCef28703
Symptoms: A Cisco 1700 series crashes when you enter the show controller ethernet command.
Conditions: This symptom is observed only when the Cisco 1700 series is configured with both an Ethernet WIC and an ADSL or G.SHDSL WIC.
Workaround: There is no workaround.
•CSCef28718
Symptoms: A Cisco 2651, Cisco 3660, or Cisco 3725 that is configured for IP voice may reload.
Conditions: This symptom is observed when the router requests the Malicious Call Identification from the ISDN equipment on the network side.
Workaround: There is no workaround.
•CSCef28765
Symptoms: An error message similar to the following one (in which the tunnel interface is a Generic Routing Encapsulation [GRE] tunnel) and a traceback may be generated:
%IPFAST-2-PAKSTICK: Corrupted pak header for Tunnel8, flags 0x20
In addition, connectivity problems may occur.
Conditions: These symptoms are observed on a router that runs Multiprotocol Label Switching (MPLS) over a GRE tunnel and that advertises an explicit null label.
Workaround: Do not use an explicit null label. Rather, use the default implicit null label.
•CSCef29091
Symptoms: A router may fail to advertise a prefix for which the network portion matches the major net. For example, when 10.0.0.0/8 is the major net, 10.0.0.0/16 is not advertised.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4) or a later release when the subnet between the two routers is in the same classful range as the advertised prefix of the advertising router.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
•CSCef30144
Symptoms: A router is unable to send any data from a DSL-based ATM interface. When the debug atm errors command is enabled, a message similar to the following one is displayed:
ATM0/0: dslsar_process_receive_packet: invalid clipped_tail_size (262144), datagramsize = 140
Conditions: This symptom is observed only when the atm route-bridged ip command is configured on an ATM interface that corresponds to a DSL connection.
Workaround: There is no workaround.
•CSCef30872
Symptoms: When a PPP user that is connected to a Cisco platform that runs SSG features attempts to log into a prepaid service, the authorization request that is sent to a RADIUS server always has the NAS port value of zero.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3.
Workaround: There is no workaround. The symptom does not occur in Release 12.2(4)B6.
•CSCef30921
Symptoms: Address 0.0.0.0 and mask 128.0.0.0 are considered invalid if used in a service profile.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS software image that includes the fix for CSCee13629. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee13629. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Do not use an all-zero address. The first octet of the address must be at least one.
•CSCef32634
Symptoms: When 20 calls are brought up per second, the voice call setup may start to fail on a Cisco AS5850 that runs an MGCP application.
Conditions: This symptom is observed when you enter the show running-config command and the show voice call summary command while 20 calls are brought up per second.
Workaround: Do not enter show commands when many calls are brought up per second.
•CSCef32648
Symptoms: Calls after the 10th call are not compressed and bandwidth use doubles.
Conditions: This symptom is observed when class-based cRTP is enabled.
Workaround: Double the bandwidth if you make more than 10 calls.
•CSCef32661
Symptoms: A router crashes intermittently with a SegV exception error.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(8)T or 12.3(8)T1 only when a service policy is applied to a Fast Ethernet subinterface and when the service policy has the set cos command enabled. However, the symptom is platform-independent and may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCef34480
Symptoms: A router crashes when you enter the clear ip audit config command.
Conditions: This symptom is observed on a Cisco router that does not have IDS configured.
Workaround: Configure IDS on any interface of the router. The fix for this caveat enables you to enter the clear ip audit config command even when IDS is not configured.
•CSCef35115
Symptoms: A Cisco 2420 series with active voice calls may crash.
Conditions: This symptom is observed when the serial interface on Cisco 2420 series bounces, for example, when a switchover of a PRE on a connected Cisco 10000 series occurs.
Workaround: There is no workaround.
•CSCef35428
Symptoms: When you perform a micro-reload, a service policy is detached from the virtual template.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dLFIoATM and QoS.
Workaround: Enter the shutdown command followed by the no shutdown command on the interface of the peer router.
•CSCef35501
Symptoms: Alarm propagation fails over an ATM adaptation layer 2 (AAL2) trunk.
Conditions: This symptom is observed on a Cisco IAD2420 series that runs Cisco IOS Release 12.3(10) and that is configured for AAL2 trunking.
Workaround: There is no workaround.
•CSCef35942
Symptoms: Tracebacks may occur on a Cisco 7500 series and the router may crash.
Conditions: This symptom is observed when an snmpwalk is performed on SRP interfaces of a Cisco 7500 series.
This situation may be exploited by an attacker to cause DoS symptoms on the router. However, an attacker would need to know the community string to successfully exploit this situation.
Workaround: There is no workaround. Also see CSCed82287.
•CSCef36042
Symptoms: Subscribers cannot access the network when the ssg qos police session command is enabled.
Conditions: This symptom is observed on a Cisco 6400 series NRP that runs Cisco IOS Release 12.3(9).
Workaround: Disable the ssg qos police session command. The symptom does not occur in Release 12.3(6).
•CSCef36356
Symptoms: A gatekeeper may reload unexpectedly because of a bus error when you enter the show gatekeeper zone prefix all command.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS interim Release 12.3(9.12)T when the following conditions occur:
–An H.323 gateway dynamically registers a destination pattern in the form <single digit>T (for example, when a dial peer has destination patterns such as 7T, 8T, and so on).
–An H.323 gateway dynamically registers a destination pattern in the form <single digit>. (for example, when a dial peer has destination patterns such as 7., 8., and so on).
The symptom may occur in other releases.
Workaround: Configure the H.323 gateway to dynamically register a destination pattern that has at minimum a length of two digits.
•CSCef36944
Symptoms: BRI dial peers are down if one of the peers is configured with a VWIC-1MFT-T1.
Conditions: This symptom is observed on a Cisco router that is configured with a VWIC-1MFT-T1 and occurs because the outbound status for the dial peer is not updated correctly.
Workaround: Disable the dial-peer status checking during the outbound dial-peer matching by entering the no dial-peer outbound status-check pots global configuration command.
•CSCef37186
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time, possibly generating CPUHOG errors and causing a watchdog crash. Other processes on the router may fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:
–Routes may time out.
–Tunnels may go down.
–Accessing the router via a Telnet connection to a network port may become impossible.
–The command-line interface (CLI) via the console line may become quite slow to respond.
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed on a Cisco 7300 series when the MPLS-LSR-MIB MIB is enabled, when you query the object mplsXCIndexNext, and when there are more than 1,000 Multiprotocol Label Switching (MPLS) labels active. However, the symptoms are platform-independent.
Workaround: Perform the following steps:
1. Shut down interfaces to bring the total count of active MPLS labels down to far below 1,000.
2. Disable the MPLS-LSR-MIB MIB by entering the following sequence of commands:
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server view nolsrmib iso include
3. Modify each defined community string to include the view nolsrmib keywords. For example, define the "public" community string by entering the following command:
snmp-server community public view nolsrmib ro
4. Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.
•CSCef39466
Symptoms: A router may fail to advertise a major net route such as 10.0.0.0/8 to a RIP peer.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(3.3) or a later release when the route is redistributed from MP-IBGP into RIP and when the subnet connecting the RIP peer is in the classful range of the advertised major net.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
•CSCef39858
Symptoms: The interface of a WIC-1ENET may flap when a link goes up and down, preventing traffic from transiting the WIC-1ENET.
Conditions: This symptom is observed on a Cisco 1721 that has a WIC-1ENET in WIC/VIC slot 0 when you configure HSRP on the interface of the WIC-1ENET and when the interface of another platform that connects to the WIC-1ENET is shut down and brought back up.
Workaround: Enter the shutdown command followed by the no shutdown command on the interface of the WIC-1ENET that is installed in the Cisco 1721.
•CSCef40048
Symptoms: When an underscore character (_) is included in the Subject Name of a certificate for an SSL Services Module (SSLM), the certificate and the subsequent global configuration may not be saved properly to the NVRAM. When the SSLM is reloaded under these circumstances, the certificate is lost, and parsing the subsequent global configuration by the configuration parser results in an error.
Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and a Cisco 7600 series in which an SSLM is installed but may be platform-independent.
Workaround: Avoid an underscore character in the FQDN of the certificate for the SSLM.
•CSCef41021
Symptoms: On a Cisco AS5850 that is configured to use a backhaul session manager, the backhaul sessions may go down, causing the D-channels to go down too.
Conditions: This symptom is observed when 100 percent CPU utilization occurs on the Cisco AS5850 for 2 seconds or longer.
Workaround: Increase the RUDP retransmission time-out value to 1000 ms.
•CSCef42235
Symptoms: The ISAKMP keepalive Dead Peer Detection (DPD) mechanism stops working.
Conditions: This symptom is observed on a Cisco platform that is connected to a peer when both the Cisco platform and the peer are configured for DPD.
Workaround: Manually clear the SAs to the peer by entering the clear crypto sa command followed by the clear crypto isakmp command.
•CSCef42307
Symptoms: High-speed modems may fail during a modem passthrough call.
Conditions: This symptom is observed when a high-speed modem is used for a modem passthrough call and when the dejitter buffer is configured to be too large or too small to accommodate the modem traffic.
Workaround: There is no workaround.
•CSCef44225
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef44913
Symptoms: A Cisco 7500 series may crash because of a bus error after applying a service policy to a subinterface.
Conditions: This symptom is observed when the Cisco 7500 series runs Cisco IOS Release 12.2(16c) or Release 12.3 when there are many interfaces and subinterfaces configured.
Workaround: Do not apply the service policy to the ATM subinterface. Rather, apply the service policy to the PVC directly.
•CSCef45609
Symptoms: An Engine 3 Quad OC-12 line card that is configured with multicast VPNs may punt traffic to the RP when multicast is disabled by entering the no ip multicast-routing distributed command and then re-enabled by entering the ip multicast-routing distributed command.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(26)S4 or a later release but may also occur in other releases.
Workaround: There is no workaround.
•CSCef45893
Symptoms: Calls are not successful when VPDN L2TP is configured along with callback and when an AAA RADIUS server is used.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(10.2).
Workaround: Remove callback from the client device, the LAC, and the LNS.
•CSCef46050
Symptoms: An IP phone user does not hear the PSTN caller, but the PSTN caller does hear the IP phone user. When you enable debugging, you can see that an H.225 CONNECT message that is received by the router is not relayed to the Q.931 call leg.
Conditions: This symptom is observed on a Cisco IOS voice gateway that is connected to a Cisco CallManager that is configured for H.323.
Workaround: If this is an option, use MGCP instead of H.323. You can also configure the application session command on all POTS dial peers, but doing so may disable some enhanced functionality in SRST mode.
•CSCef46230
Symptoms: A Cisco Access server that terminates virtual-profile calls with per-user access control lists (ACLs) does not remove all per-user ACLs when calls are terminated. This situation may cause the memory of the access server to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco access server that runs a Cisco IOS Release that contains the fix for CSCee01688.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•CSCef49110
Symptoms: When you enter the dir command on a disk, the command fails with a "read_file/dir failed" error message.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2S.
Workaround: Format the disk. Note that the fix for this caveat involves a design change and is therefore integrated in various releases.
•CSCef50713
Symptoms: Traffic may be duplicated when it passes through HSRP-enabled interfaces.
Conditions: This symptom is observed on a Cisco 2600 series that is configured with a Fast Ethernet interface that contains an AM79c971 chip when the connected hub is a layer 2 device (not a switch).
Workaround: Replace the hub with a switch or enter the standby use-bia command on the Fast Ethernet interface.
Further Problem Description: When HSRP enters the standby state after the router has reloaded, the Fast Ethernet interface enters the non-promiscuous mode. When HSRP becomes active on the router, the Fast Ethernet interface enters the promiscuous mode but remains in this mode even when HSRP enters the standby state again.
•CSCef50886
Symptoms: An IMA group with four T1s in the group loses the fourth T1 when the router is reloaded.
Conditions: This symptom is observed on a Cisco 3745 that has a VWIC and an AIM and that is configured for IMA.
Workaround: There is no workaround.
•CSCef51239
Symptoms: When the MPLS LDP Graceful Restart feature is enabled, when label distribution protocol (LDP)-targeted sessions are configured, and when you globally disable LDP by entering the no mpls ip command while a graceful restart-enabled session is recovering, LDP may not be shut down properly.
When you then re-enable LDP by entering the mpls ip command, LDP may not allocate and advertise local labels for certain prefixes. When this situation occurs, MPLS connectivity may be interrupted because the router does not advertise a local label for certain prefixes.
Conditions: This symptom is observed when targeted sessions are requested to support AToM circuits and when the router runs Cisco IOS Release 12.2S, or a release that is based on Release 12.2S, that contains the fix for CSCed18355.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed18355. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Clear the routes for the affected prefixes from the routing table by entering the clear ip route EXEC command. Note that the fix for this caveat is also integrated in Release 12.3 and Release 12.3T.
•CSCef55163
Symptoms: Spurious accesses are recorded when you enter the show alignment command.
Conditions: This symptom is observed on a Cisco platform that functions as a voice dial peer.
Workaround: There is no workaround.
•CSCef55463
Symptoms: When you configure vbr-nrt shaping on two or more PVCs that are defined under the same physical ATM interface, one of the PVCs is subsequently unable to achieve the configured vbr-nrt rate.
Conditions: This symptom is observed when a PA-A3-8E1IMA or PA-A3-8T1IMA port adapter is installed in a Cisco 7xxx series and when the load is equal to or greater than the maximum configured vbr-nrt rate on at least two PVCs.
Workaround: Configure vbr-nrt rates proportionally higher on each PVC. Enter the transmit-priority 1 command on the PVC that must reach the guaranteed vbr-nrt. Doing so causes the other PVC or PVCs to reach approximately 90 to 95 percent of the configured vbr-nrt rate.
•CSCef55635
Symptoms: When the local connection option "nt:LOCAL" is received on a Cisco 2421 that functions as an MGCP gateway, the following error message is generated and the router reloads:
Unexpected exception to CPUvector 1200
Conditions: This symptom is observed when the Cisco 2421 is both the originating and the terminating gateway.
Workaround: Set the local connection option to "nt:IN".
•CSCef56025
Symptoms: When you query the "entPhysicalVendorType" SNMP object in the ENTITY-MIB on a Cisco 837, the chassis type is retrieved from the CISCO-ENTITY-VENDORTYPE-OID-MIB, but the chassis type is not updated:
ENTITY-MIB::entPhysicalVendorType.1 = OID: CISCO-ENTITY-VENDORTYPE-OID-MIB::cevChassis.354
Conditions: This symptom is observed on a Cisco 837 that runs Cisco IOS Release 12.3(8)T3.
Workaround: There is no workaround.
•CSCef56327
Symptoms: You may not be able to configure the clock source line command during the configuration of the SONET controller on a Cisco 7200 series in which a PA-MC-STM1 port adapter is installed.
When you enter the clock source line command during the configuration of the SONET controller, the output of the show running-config command indicates that the clock source is set to line. However, the output of the show controllers sonet command indicates that the clock is set to internal, and when you enter the show running-config command again, the output indicates this time that the clock source is set to internal.
Conditions: This symptom is observed when the PA-MC-STM1 port adapter is connected back-to-back via dark fiber to another PA-MC-STM1 port adapter.
Workaround: Enter the overhead s1byte ignore command on the SONET controller before you configure the clock source.
•CSCef58120
Symptoms: A DLC trace shows that SNASw includes an illegal TG vector in a Topology Update flow to a DLUS host. The TG vector contains a TG that both originates and terminates at the local SNASw node. The host log may show this rejection with sense code 10010021.
Conditions: This symptom is observed when a DLUR-DLUS session is started with the host. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz25898. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround. However, there is no harmful impact so the symptoms may be ignored.
•CSCef58292
Symptoms: An SNASw router may crash and reload.
Conditions: This symptom is observed when the SNASw router has Enterprise Extender connections configured to multiple upstream mainframes and one of the mainframes is IPLed.
Workaround: There is no workaround.
•CSCef59293
Symptoms: A Cisco 3725 that has an AIM slot populated may hang sporadically.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) or a later release.
Workaround: There is no workaround. To restore the router to normal operation, power-cycle the router.
•CSCef59596
Symptoms: A router may reload with a bus error.
Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.
Workaround: There is no workaround.
•CSCef61610
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
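The two caveats above (CSCef44225 and CSCef61610) name three classes of ICMP message that can reset or throttle a TCP connection terminating on the device. The following Python, added here as an illustration and not part of the Cisco release notes, parses an ICMPv4 error message together with the IPv4/TCP headers it quotes, sorts it into those three classes, and applies the receiver-side check that the published form of the draft (RFC 5927) recommends: act on the error only if the quoted segment belongs to a known connection and its sequence number lies inside that connection's unacknowledged send window. The connection table, addresses and packets are constructed for the example.

```python
"""Classify ICMP errors into the three attack classes of
draft-gont-tcpm-icmp-attacks-03 (hard error, PMTUD, source quench) and
apply the RFC 5927 receiver-side check: only act on an error whose quoted
TCP segment matches a known connection and whose sequence number falls in
the unacknowledged send window.  All packets are constructed inline."""
import socket
import struct
from dataclasses import dataclass

ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4
HARD_ERROR_CODES = {2, 3}   # protocol unreachable, port unreachable
PMTUD_CODE = 4              # fragmentation needed and DF bit set
IPPROTO_TCP = 6


@dataclass
class Conn:
    """Send-side state of one local TCP connection."""
    snd_una: int  # oldest sequence number not yet acknowledged
    snd_nxt: int  # next sequence number to be sent


def seq_in_window(seq, lo, hi):
    """True when lo <= seq < hi, honouring 32-bit sequence-number wrap."""
    return (seq - lo) % 2**32 < (hi - lo) % 2**32


def classify(icmp_type, icmp_code):
    """Map an ICMP type/code to one of the draft's three attack classes."""
    if icmp_type == ICMP_SOURCE_QUENCH:
        return "source-quench"      # throughput reduction
    if icmp_type == ICMP_DEST_UNREACH:
        if icmp_code in HARD_ERROR_CODES:
            return "hard-error"     # connection reset
        if icmp_code == PMTUD_CODE:
            return "pmtud"          # throughput reduction via a tiny MTU
    return "other"


def parse_icmp_error(pkt):
    """Parse an ICMP error and the quoted IPv4/TCP headers.
    'flow' and 'seq' stay None if the quoted datagram is not TCP or is
    too short to carry the TCP sequence number."""
    icmp_type, icmp_code, _csum, rest = struct.unpack("!BBHI", pkt[:8])
    info = {"class": classify(icmp_type, icmp_code),
            "mtu": rest & 0xFFFF,   # next-hop MTU, meaningful for code 4 only
            "flow": None, "seq": None}
    inner = pkt[8:]
    if len(inner) < 20:
        return info
    ihl = (inner[0] & 0x0F) * 4
    if inner[9] != IPPROTO_TCP or len(inner) < ihl + 8:
        return info
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    info["flow"] = (src, sport, dst, dport)
    info["seq"] = seq
    return info


def evaluate(pkt, conns):
    """Return (accept, attack_class, reason) for one received ICMP error.
    conns maps (local_ip, local_port, remote_ip, remote_port) -> Conn,
    the 4-tuple as it appears in the datagram this host originally sent."""
    info = parse_icmp_error(pkt)
    klass = info["class"]
    if info["flow"] is None:
        return False, klass, "quoted datagram is not a usable TCP segment"
    conn = conns.get(info["flow"])
    if conn is None:
        return False, klass, "no matching connection"
    if not seq_in_window(info["seq"], conn.snd_una, conn.snd_nxt):
        return False, klass, f"quoted seq {info['seq']} outside send window"
    return True, klass, f"seq {info['seq']} in window, next-hop MTU {info['mtu']}"


def build_icmp_error(icmp_type, icmp_code, rest, src, sport, dst, dport, seq,
                     proto=IPPROTO_TCP):
    """Constructed ICMP error quoting a 20-byte IPv4 header and 8 TCP bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0, 0x4000, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return (struct.pack("!BBHI", icmp_type, icmp_code, 0, rest)
            + ip_hdr + struct.pack("!HHI", sport, dport, seq))


# Constructed local connection 192.0.2.10:40000 -> 198.51.100.20:443 with
# sequence numbers 1000..1999 sent but not yet acknowledged.
LOCAL_FLOW = ("192.0.2.10", 40000, "198.51.100.20", 443)
CONNS = {LOCAL_FLOW: Conn(snd_una=1000, snd_nxt=2000)}

if __name__ == "__main__":
    samples = {
        "port unreachable, in-window seq": build_icmp_error(3, 3, 0, *LOCAL_FLOW, 1500),
        "port unreachable, off-window seq": build_icmp_error(3, 3, 0, *LOCAL_FLOW, 5000),
        "frag needed, MTU 68, in-window": build_icmp_error(3, 4, 68, *LOCAL_FLOW, 1000),
        "source quench, unknown flow": build_icmp_error(
            4, 0, 0, "192.0.2.10", 40001, "198.51.100.20", 443, 1500),
    }
    for name, pkt in samples.items():
        print(f"{name:34s} -> {evaluate(pkt, CONNS)}")
```

The off-window and unknown-flow cases are the ones a blind sender (one that only guesses the 4-tuple and sequence number) produces; a stack that drops them loses nothing legitimate, because a genuine router error always quotes a segment this host actually sent.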
•CSCef61641
Symptoms: A change in the controller state does not affect the subrate interface state.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a PA-MC-2T3+ port adapter.
Workaround: There is no workaround. However, you can synchronize the interface with the controller by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•CSCef66399
Symptoms: The output of the show policy interface command does not reflect modified bandwidth.
Conditions: This symptom is observed after you have modified the CBR on a PVC.
Workaround: Reconfigure the PVC.
•CSCef66608
Symptoms: A bus error crash may occur at PC 0x0, address 0x0 on a Cisco AS5850.
Conditions: This symptom is observed on a Cisco AS5xxx access server that runs Cisco IOS Release 12.3, Release 12.3(9)T, or interim Release 12.3(9.11)T.
Workaround: There is no workaround.
•CSCef67203
Symptoms: Calls are cleared properly but corresponding application instances may not be cleared. This situation causes a memory leak, and eventually, when the gateway runs out of memory, causes the gateway to crash.
Conditions: This symptom is observed on a Cisco AS5850 gateway that runs a TCL application that provides TBCT functionality when the Cisco AS5850 gateway interworks with a 5ESS switch.
Workaround: There is no workaround.
•CSCef67682
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We recommend that customers upgrade to a fixed Cisco IOS release. All Cisco IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
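To make concrete what the access list in the workaround above does and does not drop, the following Python is added as an illustration (it is not Cisco IOS code or configuration). It walks an IPv6 extension-header chain, decides whether a packet is a non-initial fragment and whether its upper-layer protocol can be determined, and then applies the two deny lines and the final permit to packets addressed to the router. The keyword semantics are this example's approximation (fragments: a fragment header with a non-zero offset; undetermined-transport: no recognised upper-layer header reachable), and the router address 2001:db8::ffff and all packets are constructed.

```python
"""Simplified model of the 'nofragments' IPv6 access list: classify an IPv6
header chain and apply
    deny   ipv6 any <my address> undetermined-transport
    deny   ipv6 any <my address> fragments
    permit ipv6 any any
The keyword semantics here are an approximation for illustration, not a
reproduction of Cisco IOS behaviour.  All packets are constructed inline."""
import ipaddress
import struct

EXT_HDRS = {0, 43, 60}                 # hop-by-hop, routing, destination options
FRAGMENT_HDR = 44
UPPER_LAYER = {6: "tcp", 17: "udp", 58: "icmpv6"}


def walk_headers(pkt):
    """Return (dst, nonfirst_fragment, transport or None) for one IPv6 packet."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 base header")
    next_hdr = pkt[6]
    dst = ipaddress.IPv6Address(pkt[24:40])
    off = 40
    while True:
        if next_hdr in UPPER_LAYER:
            return dst, False, UPPER_LAYER[next_hdr]
        if off + 8 > len(pkt):
            return dst, False, None         # header chain runs off the end
        if next_hdr == FRAGMENT_HDR:
            nh, _res, off_flags, _ident = struct.unpack("!BBHI", pkt[off:off + 8])
            if (off_flags >> 3) != 0:
                # Non-initial fragment: what follows is payload, not headers;
                # the only transport hint is the Next Header field itself.
                return dst, True, UPPER_LAYER.get(nh)
            next_hdr, off = nh, off + 8
        elif next_hdr in EXT_HDRS:
            nh, ext_len = pkt[off], pkt[off + 1]
            next_hdr, off = nh, off + (ext_len + 1) * 8
        else:
            return dst, False, None         # unknown header: cannot determine


def nofragments_acl(pkt, my_addresses):
    """Evaluate the workaround's ACL; returns 'permit' or 'deny <keyword>'."""
    dst, nonfirst, transport = walk_headers(pkt)
    if dst in my_addresses:
        if transport is None:
            return "deny undetermined-transport"
        if nonfirst:
            return "deny fragments"
    return "permit"


def ipv6_packet(dst, next_hdr, ext_headers=b"", payload=b"\x00" * 8):
    """Constructed IPv6 packet from 2001:db8::1 with the given header chain."""
    body = ext_headers + payload
    base = struct.pack("!IHBB16s16s", 6 << 28, len(body), next_hdr, 64,
                       ipaddress.IPv6Address("2001:db8::1").packed,
                       ipaddress.IPv6Address(dst).packed)
    return base + body


def fragment_header(next_hdr, offset, more=True, ident=0x1234):
    """Fragment extension header; offset is in 8-octet units."""
    return struct.pack("!BBHI", next_hdr, 0, (offset << 3) | int(more), ident)


def hop_by_hop(next_hdr):
    """8-byte hop-by-hop header holding a single PadN option."""
    return struct.pack("!BB", next_hdr, 0) + b"\x01\x04\x00\x00\x00\x00"


ROUTER = "2001:db8::ffff"                          # constructed "my address"
MY_ADDRESSES = {ipaddress.IPv6Address(ROUTER)}

if __name__ == "__main__":
    cases = {
        "plain TCP to router": ipv6_packet(ROUTER, 6),
        "hop-by-hop + TCP to router": ipv6_packet(ROUTER, 0, hop_by_hop(6)),
        "initial fragment to router": ipv6_packet(ROUTER, 44, fragment_header(6, 0)),
        "non-initial fragment to router": ipv6_packet(ROUTER, 44, fragment_header(6, 185, False)),
        "non-initial fragment in transit": ipv6_packet("2001:db8::2", 44, fragment_header(6, 185, False)),
        "unknown next header to router": ipv6_packet(ROUTER, 253),
    }
    for name, pkt in cases.items():
        print(f"{name:32s} -> {nofragments_acl(pkt, MY_ADDRESSES)}")
```

Note that the initial fragment is permitted while every non-initial fragment to the router is denied, so a fragmented datagram can never be reassembled: this is the "effectively disables reassembly" consequence the text warns about. Transit fragments, whose destination is not one of the router's own addresses, pass untouched.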
•CSCef68324
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•CSCef68704
Symptoms: When you enter the show voice call summary command on a Cisco 5850, the CPU utilization increases up to 95 percent and causes Connection Admission Control (CAC) to become active and calls to drop. When the generation of the command output is complete, the CPU utilization is restored to its normal value.
Conditions: This symptom is observed on a Cisco 5850 that has a heavy incoming call load (40 cps) and that is configured for CAC.
Workaround: Do not enter the show voice call summary command.
•CSCef69171
Symptoms: A Cisco VoIP terminating gateway (TGW) may reload unexpectedly because of a bus error when it is registered on a gatekeeper and may generate the following error message and traceback:
Unexpected exception, CPU signal 10, PC = 0x60FE02C0
-Traceback= 60FE02C0 60FDF6F8 60FDFF9C 60FDF5CC 60FDFF9C 60FDF5CC 60FDFF9C 60FDE9D8 60FDF7F8 60FDFF9C 60FE01A8 60FE04C8 60FE061C 60FA4FB0 60FD1154 60FCAF80 60F5B988
Conditions: This symptom is observed on a Cisco platform that functions as a VoIP TGW and that runs Cisco IOS Release 12.3 when a user hangs up the phone, causing the VoIP TGW to send a Disengage Request (DRQ) to the gatekeeper and subsequently to reload.
Workaround: There is no workaround.
•CSCef70242
Symptoms: Low latency queueing (LLQ) and class-based weighted fair queueing (CBWFQ) may not function for MPLS packets. The MPLS packets that conform to the bandwidth that is allocated to these classes may be dropped.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2S when MPLS packets leave an interface that has an output policy map with priority or bandwidth commands, or both, configured within its classes. The symptom may also occur in Release 12.3 and Release 12.3T.
Workaround: There is no workaround.
•CSCef70748
Symptoms: A Windows XP Service Pack 2 VPN connection to a Cisco VPN server fails.
Conditions: This symptom is observed after a Windows XP Service Pack 2 VPN client is able to connect to a Cisco VPN server that also functions as a DHCP server. After about 10 seconds, the route that directs traffic to the remote VPN network on the client side disappears. The symptom does not occur when the client connects to a Windows VPN server.
Workaround: There is no workaround.
•CSCef71952
Symptoms: When the Extended Authentication (XAuth) times out, a Unity server deletes all the SAs of its IPSec peers, including the SAs of the IPSec peers that have the same IP address but different port addresses.
Conditions: This symptom is observed when NAT-T is configured and when PAT is configured on the platform that runs NAT.
Workaround: There is no workaround.
•CSCef72772
Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.
Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.
Workaround: There is no workaround.
•CSCef73460
Symptoms: An ISA encryption card is not activated when you boot the router.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(11)T or interim Release 12.3(11.4) and that is configured with an NPE-400. Note that the symptom does not occur when the router is configured with an NPE-G1.
Workaround: There is no workaround.
•CSCef77839
Symptoms: A Cisco platform that has a Cisco IOS firewall configured may reload unexpectedly.
Conditions: This symptom is observed under high traffic conditions.
Workaround: There is no workaround.
•CSCef78145
Symptoms: A slave RP may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7500 series when you reload the router with the rsp-jsv-mz image of Cisco IOS interim Release 12.3(11.4).
Workaround: There is no workaround.
•CSCef80221
Symptoms: A router that has a QoS policy map with the set cos command attached to an interface in the output direction may reload unexpectedly. The output of the show version command shows an error message similar to the following:
System returned to ROM by bus error at PC 0x60217AD8, address 0x800479
The crashinfo may show information similar to the following:
Unexpected exception, CPU signal 10, PC = 0x60217AD8
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T4 but may also occur in Release 12.3.
Workaround: Remove the set cos command from the policy map.
•CSCef81224
Symptoms: The CNS cisco.mgmt.cns.config.complete message is not sent to the event bus when it should be sent.
Conditions: This symptom is observed when the cns config initial event command is part of the bootstrap configuration of the router but the cns event command is not. The initial configuration that is applied by the cns config initial command includes the cns event configuration command.
Workaround: Enter the cns event command as part of the bootstrap configuration of the router.
•CSCef81415
Symptoms: When the calling number, the called number, or both contain the * character, for example *67#1234567890, the call is rejected by the gateway and is released with cause code 63 (service or option not available). In the debugs, the following message is generated before the call is released:
H225Lib::is_valid_e164_number: Number has non-supported IA5 character - * cch323_ras_arj_notify:called
Conditions: This symptom is observed on a Cisco platform that functions as a gateway in an H.323 VoIP network and that runs Cisco IOS Release 12.3(6c) or another release that contains the fix for CSCee07037. The symptom occurs only in gatekeeper-routed call scenarios, that is, RAS-based call flows.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee07037. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
The symptom does not occur with other characters such as #.
Workaround: There is no workaround.
•CSCef82593
Symptoms: There is no voice path between an IP phone and an MGCP FXS endpoint.
Conditions: This symptom is observed on a Cisco 3600 series when you disconnect a call on the IP phone and, after you hear the dial tone, dial another IP phone. However, the symptom is platform-independent.
Workaround: There is no workaround.
•CSCef83857
Symptoms: A valid route may be removed from the routing table.
Conditions: This symptom is observed on a Cisco router when a remote router is configured with more than one ACL rule for encryption, when a remote failure occurs, and when the remote peer changes its identity (that is, the IP address changes). When the tunnel headend, which is configured for RRI, changes the next-hop address to reflect the identity change of the remote peer, and the routes to the old peer identity are removed, the correct route is added to the Security Association (SA) database and the IP route table of the Cisco router as soon as the first ACL rule is triggered.
However, when new SAs are negotiated for the additional ACL rules, the new correct route may be removed erroneously while the old information for the subsequent ACL rules is removed. (The subsequent ACL rules are negotiated without an explicit next-hop peer to better identify the route.) This situation occurs because the action to delete the current route causes a "blanket" deletion of all network and subnet routes, regardless of the next-hop address to the routes.
Workaround: Configure only one ACL rule for the traffic that must be encrypted.
•CSCef85906
Symptoms: A voice gateway may hang, you may not be able to make a Telnet connection to the gateway, and the gateway may generate error messages and DSP Farm-related tracebacks such as the following:
%SYS-2-LINKED: Bad enqueue of 646B3C38 in queue 63AD2B20
-Process= "DSP Farm Application Manager", ipl= 4, pid= 188
-Traceback= 60F62190 6000E498 604CCEAC 604C8A70 604CB2E0 604CB480 604C8C18 604C9138 604C9A14 61C1E06C 61C1E050
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
vnm_dsp_receive_packet: Invalid resources from dsp slot 1 dsp 13 ch 0
%SYS-2-LINKED: Bad enqueue of 646B3C38 in queue 63AD2B20
-Process= "DSP Farm Application Manager", ipl= 4, pid= 188
-Traceback= 60F62190 6000E498 604CCEAC 604C8A70 604CB2E0 604CB480 604C8C18 604C9138 604C9A14 61C1E06C 61C1E050
Conditions: These symptoms are observed when there is continuous traffic on a Cisco 2691, Cisco 3825, and Cisco 3745 that run Cisco IOS Release 12.3(8)T, that function as MGCP voice gateways, and that are configured with several voice T1s and a DSP Farm as a conference resource. The symptoms may also occur in Release 12.3.
Workaround: Reload the gateway.
•CSCef86009
Symptoms: An incorrect cause code (0xD NA) is reported at a terminating Cisco AS5850 when a user is busy.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(10).
Workaround: There is no workaround.
•CSCef89078
Symptoms: When you enter the show policy-map interface command for one particular interface, the output shows the policing actions for other interfaces.
Conditions: This symptom is observed when policing is enabled.
Workaround: There is no workaround.
•CSCef89647
Symptoms: A Cisco 7500 series may reload because of a bus error after reporting error messages such as the following ones:
%RSP-3-ERROR: memd write exception, addr 08000000
%RSP-3-ERROR: RSP alignment error on write to QA, addr 08000000
Conditions: This symptom is observed on a Cisco 7500 series that has MLP links configured for Multiprotocol Label Switching (MPLS).
Workaround: There is no workaround.
•CSCef93751
Symptoms: The VAD state is not restored to the configured setting after a Voice Band Data (VBD) change occurs for the AAL2 trunk.
Conditions: This symptom is observed on a Cisco 3700 series.
Workaround: There is no workaround.
•CSCef97536
Symptoms: When Multiprotocol Label Switching (MPLS) label distribution protocol (LDP) is configured and you enter the clear ip route EXEC command, the MPLS forwarding entries for some of the cleared routing prefixes may become unlabeled.
Conditions: This symptom is observed for prefixes that are connected (with an unspecified nexthop IP address) and that are not locally recognized. This situation may occur in a configuration in which two LDP peers are connected by a point-to-point link that uses PPP encapsulation, and in which both interfaces are configured to use IP addresses with /32 masks.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee12379. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Possible Workaround: Prevent the symptom from occurring by using a shorter network mask when you configure the interfaces or by using another encapsulation such as HDLC.
When the symptom occurs, restore proper operation by forcing the LDP session that is associated with the link to re-establish itself, or by forcing the LDP session to re-advertise labels for the affected prefixes. The LDP session can be reset by entering the clear mpls ldp neighbor command, by administratively disabling and then re-enabling one of the interfaces, or by deconfiguring and then reconfiguring LDP on one of the interfaces. The LDP session can be forced to re-advertise labels by modifying the outbound label filtering configuration. However, this method is complicated and should only be attempted if you are already very familiar with the required procedures, and if the routers do not already have a complicated label filtering configuration in place.
•CSCeg00481
Symptoms: A router fails to receive the Integrated Local Management Interface (ILMI) prefix from the switch side.
Conditions: This symptom occurs during the initial negotiation of ILMI parameters. The output of the show atm ilmi-status command does not show the configured ILMI prefix.
Workaround: There is no workaround.
•CSCeg03733
Symptoms: A router may reload because of a memory corruption when you query via getmany or getbulk the entire ciscoCBQosMIB (1.3.6.1.4.1.9.9.166) or when you poll the cbQosQueueingStatsTable or cbQosPoliceStatsTable.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-jsv-mz image of Cisco IOS interim Release 12.3(11.4).
Workaround: Do not query the entire ciscoCBQosMIB and do not poll the cbQosQueueingStatsTable or cbQosPoliceStatsTable.
•CSCeg11398
Symptoms: Mute calls may occur on a Cisco MGCP gateway. The output of the show mgcp connection command shows that the Connection Mode for the originating endpoint remains in a loopback (M=5) after answering the call:
Endpoint Call_ID(C) Conn_ID(I) (P)ort (M)ode ...
1. S7/DS1-0/31 C=3E,315,313 I=0x81 P=0,0 M=3 ...
2. S7/DS1-1/31 C=3E,313,315 I=0x80 P=0,0 M=5 ...
Conditions: This symptom is observed for a hairpin call with COT that is requested on the originating call leg from the PSTN side.
Workaround: Disable COT on the PSTN side.
•CSCeg12497
Symptoms: A Cisco 7200 series that is configured with an NPE-200 and PA-A3 ATM port adapters may reload unexpectedly and fail to boot.
Conditions: This symptom is observed when the PA-A3 ATM port adapters are placed in the higher slots of the router with other high-bandwidth port adapters in between.
Workaround: Place the PA-A3 ATM port adapters in the lower slots (slots 1 and 2) of the router.
Alternate Workaround: Use an NPE-300 or later NPE.
•CSCeg15422
Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:
%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)
%SYS-2-GETBUF Bad getbuffer, bytes= 42565 -Process= "Crypto HW Proc", ipl= 0, pid= 87 -Traceback= hex numbers
or
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying. SYS-2-GETBUF tracebacks are seen if Encapsulating Security Payload (ESP) wide-key Advanced Encryption Standard (AES) 192 or 256 is configured.
Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.
Alternate Workaround 1: If AES 192 or 256 is configured, use ESP AES 128-bit keys.
Alternate Workaround 2: If AES 192 or 256 is configured, use a Data Encryption Standard (DES) transform instead.
•CSCeg19298
Symptoms: A router may crash when you enter the show running-config command.
Conditions: This symptom is observed when a bundle is configured on an ATM interface and when you enter the show running-config command after you have entered the no protocol protocol-address command for the bundle.
Workaround: There is no workaround.
•CSCin68560
Symptoms: A software-forced reload may occur on a Cisco 3660.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•CSCin70629
Symptoms: Attribute 45 is not sent in accounting records.
Conditions: This symptom is observed on a Service Selection Gateway (SSG).
Workaround: There is no workaround.
•CSCin71398
Symptoms: An Ethernet connection may be stuck on a Cisco uBR900 series cable modem.
Conditions: This symptom is observed on a Cisco uBR900 series cable modem that runs Cisco IOS Release 12.2(15)CZ when the following conditions are present:
–The cable interface is reset.
–There is downstream traffic.
–The modem is configured with a DHCP proxy, NAT, or routing mode without IP cache entries.
The symptom may also occur in Release 12.3.
Workaround: Enter the clear interface ethernet 0 command.
•CSCin71824
Symptoms: Tracebacks are seen on a NAS when a voice call is disconnected.
Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that function as a NAS.
Workaround: There is no workaround.
•CSCin74155
Symptoms: A router that functions under a heavy load with SSHv2 clients may crash if any of the SSH clients are terminated.
Conditions: This symptom is observed when the following conditions are present:
–The CPU utilization is above 70 percent.
–There are continuous sweep pings from two far-end routers that have the debug ip packet command enabled to create continuous logs for the SSH clients.
–The no logging console command is configured.
–A connection is made from a couple of SSHv2 clients, you enable the terminal monitor command, and you terminate the SSHv2 clients while continuous messages are being generated.
–The TCP window size is reduced.
Workaround: Avoid using SSHv2 when the router is very stressed.
•CSCin77553
Symptoms: A PA-A3-8T1IMA or PA-A3-8E1IMA port adapter that is installed in a Cisco 7xxx series may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs that are configured on the port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter, or as an alternate workaround, reset the VIP or FlexWAN.
•CSCin78144
Symptoms: A Simple Network Management Protocol (SNMP) trap message is displayed on the console of a Cisco router. Trap messages may be sent by the router. No other functionality is affected.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that run Cisco IOS Release 12.0(29)S when SNMP is enabled and when an Inverse Multiplexing over ATM (IMA) interface goes up or down.
Workaround: There is no workaround.
•CSCin78319
Symptoms: When a Node Switch Processor (NSP) OC-12 interface is configured for unidirectional Automatic Protection Switching (APS) and the protect side is nonfunctional, you can still initiate a forced switchover from the working side to the protect side. This is contrary to the GR-253-CORE Telcordia specification.
Conditions: This symptom is observed on a Cisco 6400 series.
Workaround: Before initiating a forced switchover from the working side, manually verify the integrity of the protect side by entering the show aps command.
•CSCin80221
Symptoms: A Cisco router crashes when you enter the fsck command for an ATA flash disk.
Conditions: This symptom is observed when the boot sector of the ATA flash disk is corrupted and when the router runs a release that is listed in the "First Fixed-in Version" field at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed58384. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Format the disk.
•CSCin80523
Symptoms: A router that runs Service Selection Gateway (SSG) may reload.
Conditions: This symptom is observed inconsistently when a user logs in to a proxy service.
Workaround: There is no workaround.
•CSCin80853
Symptoms: When an interactive configuration command is applied by the CNS Configuration Agent, the configuration is not applied correctly and the router cannot be configured any further. The reload command does not function either.
Conditions: These symptoms are observed when the CNS Configuration Agent is enabled with the cns config command and when the downloaded configuration includes an interactive configuration.
The crypto ca authenticate command is an example of a downloaded command that triggers the symptoms.
Workaround: Do not use an interactive configuration command via CNS. All interactive commands have a non-interactive equivalent, which you can discover by applying the desired configuration via the console of a router. Then, enter the show running-config command and look for the non-interactive form of the configuration command.
If an interactive configuration command is used via CNS, the router must be power-cycled to be configurable again. (The reload command does not function.) Note that the router continues to route properly until it is power-cycled.
•CSCin80922
Symptoms: A software-forced reload may occur on a Cisco 3660 when you unconfigure a DS0 group on a controller.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS interim Release 12.3(10.3)T1.
Workaround: There is no workaround.
•CSCin81933
Symptoms: At a cold temperature, a Cisco 7200 series does not boot with a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter and generates a watchdog timeout error.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-300 or NPE-400 and an IMA port adapter.
Workaround: There is no workaround.
•CSCin81980
Symptoms: You may not be able to map an AXSM port to an XTagATM interface on an LSC when you enter the extended-port Switch 1 descriptor 1:1.4:2 command.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.2)T or Release 12.3 and that functions as an LSC in an MPLS environment.
Workaround: There is no workaround.
•CSCin82407
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
•CSCsa39707
Symptoms: A Cisco router that is configured as a DHCP server may unexpectedly reload upon receiving a DHCP INFORM message on an unnumbered interface.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.9) or a later release.
Workaround: Disable the DHCP server.
•CSCuk52353
Symptoms: The CPU utilization is high when you enter a maintenance command such as the show voice call summary command.
Conditions: This symptom is observed on a Cisco AS5850 that is configured for MGCP and that has a heavy load and a high call rate.
Workaround: There is no workaround.
Wide-Area Networking
•CSCeb61797
Symptoms: When you attempt to bring up an ISDN layer 2, the following error message is generated:
srl_send_l2_pak: 131072 protocol not up
Conditions: This symptom is observed on a Cisco platform only when the layer 3 is bound to IUA backhaul.
Workaround: There is no workaround.
•CSCec64116
Symptoms: IPCP may install a route to address 255.255.255.255, which is improper behavior.
Conditions: This symptom is observed on a Cisco router that is configured as a callback server via the ppp callback accept command.
Workaround: Remove the ppp callback accept command from the dialer interface on the callback server.
•CSCed27073
Symptoms: Routes that are learned via EIGRP over a PPPoFR circuit are ignored.
Conditions: This symptom is observed when shaping is not set up for a PPPoFR circuit, causing the bandwidth for the corresponding virtual access interface to be set to zero. In this situation, EIGRP ignores routes that are learned via the interface.
Workaround: Explicitly associate a bandwidth with the virtual access interface by entering the bandwidth command under the corresponding virtual template.
•CSCed87450
Symptoms: A router that is configured for XOT may leave the TCP connection in the "CLOSE_WAIT" state.
Conditions: This symptom is observed when the router receives a malformed XOT packet. An attacker may exploit this situation by sending many malformed XOT packets, which may exhaust the memory of the router and cause Denial of Service (DoS) symptoms.
Workaround: There is no workaround.
•CSCee01960
Symptoms: A buffer leak may occur in the I/O memory of a router that is configured for redial.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4)T1 when a redial call attempt fails because a redial timeout occurs and when an incoming call connects to the same destination as the one for which the redial attempt fails. This situation is a timing problem. The symptom could occur in Release 12.3.
Workaround: There is no workaround.
•CSCee18430
Symptoms: A PPP interface may fail to come up when the router is booted or when the interface resets. When this situation occurs, the interface appears to be physically up but PPP does not start. When you enable logging of PPP negotiation events with the debug ppp negotiation command and when packets arrive on the PPP interface, you can see in the log that PPP discards these inbound frames with an "LCP: Lower layer not up, discarding packet" message even though the lower layer (the link) is up.
Conditions: This symptom is observed when a PPP interface transitions from a down state to an up state at the link level. The symptom is most likely to occur when the router operates under a moderate-to-heavy load, or when large numbers of PPP interfaces simultaneously change state (for example when a channelized interface is reset).
Workaround: Any sequence that resets the interface usually clears the symptom. Therefore, you can enter the clear interface interface-name EXEC command or the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•CSCee56078
Symptoms: A race condition prevents a dialer from being notified that a new call is released. This situation, in turn, prevents available resources from being used.
Conditions: This symptom is observed when an ISDN peer disconnects a call via a DISCONNECT message and when at the same time the modem module hangs up the call, causing modem resources to be cleared.
Workaround: There is no workaround.
•CSCee71988
Symptoms: After you have entered the clear counters command, the output of the show controllers t1 command is correctly cleared, but the SNMP objects that are supported under the RFC1406-MIB are erroneously cleared of their values.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 and that is configured with a DS1 controller.
Workaround: There is no workaround.
•CSCee81180
Symptoms: A Cisco platform that is configured with a dialer interface may log the following error message and then reload because of a bus error:
SYS-2-FREEBAD: Attempted to free memory at [memory address], not part of buffer pool
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS interim Release 12.3(7.10) with IP, SSH, and 3DES. However, the symptom may be platform-independent.
Workaround: There is no workaround.
•CSCef02653
Symptoms: A Cisco router that is configured for datagram encapsulation over X.25 may fail to respond to pings when X.25 payload compression is enabled.
Conditions: This symptom is observed on a Cisco router that has the x25 map ip command enabled with the compress keyword.
Workaround: Disable X.25 payload compression.
•CSCef05399
Symptoms: Calls after the 25th call fail with the following error message:
ISDN Se1/0:23 **ERROR**: cdapi_process_connect_resp: cdapi sez to reject the call (appl rejected?)
Conditions: This symptom is observed on a Cisco platform that is configured as an NTT ISDN switch and that has two T1 interfaces.
Workaround: There is no workaround.
•CSCef05724
Symptoms: A Cisco router may reload because of a memory corruption in the I/O memory pool.
Conditions: This symptom is observed on a Cisco router that is configured for EAP/TLS authentication, when an authentication timeout occurs.
Workaround: There is no workaround.
•CSCef09921
Symptoms: A Cisco 7200 VXR router unexpectedly reloads because of a watchdog Non-Maskable Interrupt (NMI).
Conditions: This symptom is observed on a Cisco 7200 VXR router that is configured with an NPE-400 and E1 port adapters such as the PA-MC-8E1/120 port adapters.
Workaround: There is no workaround.
•CSCef26648
Symptoms: A memory leak may occur on a Cisco AS5350 or Cisco AS5400 that runs Cisco IOS Release when ISDN synchronous digital calls are made. This situation causes the platform to reload eventually.
Conditions: This symptom is observed in a rare situation during a stress test when ISDN sends a first RELEASE message, a connected switch returns a STATUS message, and ISDN sends a second RELEASE message. The first RELEASE message causes a memory leak.
Workaround: There is no workaround.
•CSCef29165
Symptoms: When an E1 interface goes down or out of service, the NAS does not send a "cic out of service" message to an SS7 platform.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6b), that functions as a NAS, and that is connected to an SS7 platform via an ISDN primary NFAS that is enabled for RLM version 1.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(15)T9.
•CSCef39441
Symptoms: After forwarding an ISDN dialin connection to an LNS via L2TP, the LAC does not disconnect the ISDN connection upon termination of the L2TP session. The ISDN connection must be terminated by the remote user.
Conditions: This symptom is observed on a Cisco platform that functions as a LAC and that runs Cisco IOS interim Release 12.3(10.2). Note that the symptom does not occur in Release 12.3(10) and earlier releases.
Workaround: There is no workaround.
•CSCef45174
Symptoms: A Cisco router crashes with a SegV exception as soon as a packet is received on a BVI interface.
Conditions: This symptom is observed on a Cisco 2651XM that runs Cisco IOS Release 12.3(9a) and that has IRB configured on an MFR interface. The symptom may be platform-independent and may occur on other platforms in a similar configuration and in other releases.
Workaround: There is no workaround. Note that the symptom does not occur in interim Release 12.3(7.6) and earlier releases.
•CSCef47768
Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user and if multilink is negotiated on the connection. This symptom was previously fixed via CSCed34058, but was reintroduced through CSCee01688.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee01688. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•CSCef48558
Symptoms: A router may crash when a PPP link joins a multilink PPP (MLP) bundle.
Conditions: This symptom is observed when a packet is forwarded to the multilink bundle interface when at the same time a new link joins an active bundle (that is, a bundle that is already running with at least one member link). The likelihood of the symptom occurring is rare, but increases when the system load increases or when the level of outbound traffic on the bundle increases.
Workaround: There is no workaround.
•CSCef52827
Symptoms: A Cisco 7200 router reloads during a test of a VPDN template session limit.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.3(10.3)T.
Workaround: There is no workaround.
•CSCef56356
Symptoms: When a call is placed from the network side to a VoIP CPE that runs Cisco IOS Release 12.3(6c) and when the called party number is configured on a dial peer that points to a deactivated BRI, the VoIP CPE may release the incoming call to the VoIP leg with incorrect disconnection cause code 16 (normal call clearing) instead of cause code 34 (no circuit).
Conditions: This symptom is observed when the BRI is deactivated by a router that functions as a VoIP CPE and that runs Cisco IOS Release 12.3(6c). Note that a router that runs Release 12.2(11)T7 or Release 12.3(6b) sends the proper cause code 34.
Workaround: There is no workaround.
•CSCef67942
Symptoms: The amount of free processor memory slowly decreases because the "IP input" process holds increasingly more memory. This situation finally leads to MALLOC failures and a crash.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6) or a later release, that is configured with dialer interfaces, and that is configured for large-scale dial-out (LSDO).
Workaround: When the amount of free processor memory becomes too low, reload the router when it least affects the service.
•CSCef68547
Symptoms: FR links on 6-port channelized T3 and 2-port OC-3-channelized-to-DS1/E1 line cards may not recover when all of the links are removed and reconfigured for an MFR bundle. The same symptom may occur on serial interfaces.
Conditions: This symptom is observed when all links are removed from and re-added to the bundle while the bundle is briefly in a shut down state.
Workaround: To re-establish the bundles, enter the hw-module slot shelf-id/slot-number reload command. You can also delete and reconfigure the MFR interface or the serial interfaces. To prevent the symptom from occurring, wait a couple of seconds between entering the shutdown command and the no shutdown command when you remove and reconfigure the MFR bundle or serial interfaces.
•CSCef68826
Symptoms: An idle timeout with an idle-group that is applied via a virtual template does not work properly: not only the traffic that is defined to reset the idle timer does so, but all other traffic resets the timer too, so the link remains up as long as it carries any traffic at all.
Only configurations with idle-timers and idle-groups are affected. Normal idle-timer configurations without idle-groups work correctly.
Note that for the idle timer to work, a virtual template must have some sort of traffic defined that is supposed to reset the idle timer. Only this traffic is supposed to reset the idle timer and no other traffic should reset the idle timer.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS Release later than Release 12.3(3g).
Workaround: There is no workaround. Note that the symptom is not observed in Release 12.2 and Release 12.2T.
•CSCef73128
Symptoms: When RTP header compression (cRTP) is configured over a PPP, MLP, PPPoATM, or PPPoFR link, IP connectivity is lost over this link.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(11.4) or 12.3(11.4)T, that is configured with a PPP link of some sort, and that has cRTP configured either directly on the interface or via an MQC service policy.
Workaround: There is no workaround.
•CSCef77178
Symptoms: When a PPP over X.25 (PPPoX25) link is used as a member link in a multilink PPP (MLP) bundle, outbound packets are dropped rather than transmitted over the link.
Conditions: PPPoX25 links are most commonly encountered as the permanent ISDN D-channel link in a Multilink Always On/Dynamic ISDN (AO/DI) environment. The symptom is observed when the AO/DI channel is also the link that multilink uses to negotiate the various network control protocols (NCPs), preventing the various NCPs from being negotiated successfully because the NCP packets are not transmitted.
Workaround: There is no workaround.
•CSCef78579
Symptoms: Network Control Protocols (NCPs) on MLP or VP interfaces may not come up because PPP may try to run NCPs on the MLP or VP link interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(11.4) when MLP or VProfiles are used.
Workaround: There is no workaround.
•CSCef82683
Symptoms: An MFR bundle may stay in the down state after redistributing bundle links. The output of the show frame-relay multilink command displays the cause code "inconsistent bundle."
Conditions: This symptom is observed when a Remove-Link message is lost.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected bundle.
•CSCin79140
Symptoms: A router crashes when you apply a map-class configuration to a subinterface that has been unconfigured and reconfigured.
Conditions: This symptom is observed when the following sequence of events occurs:
1. Configure a Frame Relay subinterface.
2. Unconfigure the Frame Relay subinterface.
3. Reconfigure the Frame Relay subinterface.
4. Configure a map class on the subinterface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(10f)
Cisco IOS Release 12.3(10f) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10f) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCej18051
Symptoms: Terminal window PPP clients may fail with Cisco Access servers.
Conditions: This symptom has been observed on Cisco AS5400 gateways and Cisco AS5800 servers.
Workaround: There is no workaround.
•CSCsb43767
Symptoms: RADIUS stop packets that are sent to a RADIUS server may contain an incorrect value for the NAS-Port attribute (RADIUS IETF attribute 5). Information that is related to the asynchronous interface is not included in the Cisco-NAS-port VSA.
Conditions: This symptom is observed when a Cisco router sends stop packets to a RADIUS server via an asynchronous interface.
Workaround: There is no workaround.
Miscellaneous
•CSCeh73049
Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (Tcl) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.
Conditions: Devices that are not running AAA command authorization feature, or do not support Tcl functionality are not affected by this vulnerability.
This vulnerability is present in all versions of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml
•CSCei21877
Symptoms: The first modem in a service processing element (SPE) is marked busy and the state of the SPE is reported as BAD.
Conditions: This symptom is observed on a Cisco AS5800 that is configured with MICA modems.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected SPE to recover the modem from the busy state.
•CSCsb11124
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
•CSCsc72722
Symptoms: TCP connections that are opened through a Cisco IOS Firewall (CBAC) may not timeout.
Conditions: With Cisco IOS Firewall (CBAC) enabled, the TCP idle timer for a session may be reset even by TCP packets that fail TCP inspection and are subsequently dropped. This could lead to the TCP session not timing out.
Workaround: There is no workaround.
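The CBAC caveat above comes down to the order of two operations: refreshing a session's idle timer and inspecting the segment. The following is an added illustration (not Cisco IOS code; the session model, the in-window check and the timeout value are simplifying assumptions) that shows why refreshing the timer before inspection lets an attacker keep a stale session alive with segments that are themselves dropped, and how moving the refresh after a successful inspection closes that hole:

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 3600  # seconds; illustrative value, not the IOS default


@dataclass
class TcpSession:
    """Minimal stand-in for a firewall session-table entry (assumed model)."""
    key: tuple                # (client, cport, server, sport)
    next_seq: int             # next sequence number we expect from the client
    window: int               # receive window the inspector tolerates
    last_activity: float      # timestamp of the last packet that refreshed the timer

    def idle(self, now: float) -> bool:
        return now - self.last_activity >= IDLE_TIMEOUT


def inspect(session: TcpSession, seq: int, length: int) -> bool:
    """Simplified stateful check: the segment must start inside the expected window."""
    return session.next_seq <= seq < session.next_seq + session.window


def handle_packet_buggy(session: TcpSession, seq: int, length: int, now: float) -> str:
    """Behaviour described by the caveat: the idle timer is reset before the
    segment is inspected, so even a segment that fails inspection keeps the
    session alive."""
    session.last_activity = now
    if not inspect(session, seq, length):
        return "drop"
    session.next_seq = seq + length
    return "forward"


def handle_packet_fixed(session: TcpSession, seq: int, length: int, now: float) -> str:
    """Corrected ordering: only a segment that passes inspection refreshes the timer."""
    if not inspect(session, seq, length):
        return "drop"
    session.last_activity = now
    session.next_seq = seq + length
    return "forward"


def simulate(handler, packets, sweep_time: float):
    """Run a constructed packet stream through one handler against a fresh session.

    packets: list of (arrival_time, seq, payload_length)
    Returns (per-packet verdicts, whether an idle sweep at sweep_time would expire the session).
    """
    session = TcpSession(key=("10.0.0.5", 40000, "192.0.2.10", 443),
                         next_seq=1000, window=65535, last_activity=0.0)
    verdicts = [handler(session, seq, length, t) for (t, seq, length) in packets]
    return verdicts, session.idle(sweep_time)


# Constructed attacker traffic: one out-of-window segment every 1000 s for 10000 s.
# seq 5_000_000 is far outside [1000, 66535), so every segment fails inspection.
BOGUS_STREAM = [(t, 5_000_000, 100) for t in range(1000, 10001, 1000)]

# Constructed legitimate segment: in-window, arrives at t=500.
LEGIT_STREAM = [(500, 1000, 100)]


if __name__ == "__main__":
    for name, handler in (("buggy", handle_packet_buggy), ("fixed", handle_packet_fixed)):
        verdicts, expired = simulate(handler, BOGUS_STREAM, sweep_time=10500)
        print(f"{name}: {verdicts.count('drop')} dropped, session expired after sweep: {expired}")
```

With the buggy ordering every bogus segment is dropped, yet the session survives the idle sweep; with the corrected ordering the same stream is dropped and the session times out as the caveat's fix intends.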
Wide-Area Networking
•CSCei00766
Symptoms: A router may crash when the encapsulation is set to PPP and removed repeatedly.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 or Release 12.4 and that is configured for PPP Link Control Protocol (LCP).
Workaround: There is no workaround.
•CSCsa73099
Symptoms: A router may run out of free memory in the processor pool as a consequence of a memory leak in the ISDN process. The output of the show memory command shows that the blocks of memory that are not freed are allocated for "AAA Event Data" or "AAA Event."
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that includes the fixes for CSCef87435 and CSCef57881 and that is configured with ISDN interfaces that are active.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(10e)
Cisco IOS Release 12.3(10e) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10e) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Access Server
•CSCeb41363
Symptoms: Handset calls may intermittently be reported with values in RADIUS accounting attribute 77, 197, and 255.
Conditions: This symptom is observed on a Cisco AS5800.
Workaround: There is no workaround.
Basic System Services
•CSCeh65692
Symptoms: Spurious memory access errors and tracebacks may be generated on a Cisco AS5800.
Conditions: This symptom is observed on a Cisco AS5800 that processes TCPclear calls.
Workaround: There is no workaround.
•CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
IP Routing Protocols
•CSCeh13489
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas-limit command in such a way that the maximum length of the AS path is a value below 255. When the router receives an update with an AS path that exceeds the limit, the prefix is rejected and the event is recorded in the log.
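The workaround works because the AS path is checked against a configured ceiling before the update is processed any further. As an added example, not code from Cisco or from the page, the following decodes a BGP AS_PATH attribute value as laid out in RFC 4271 (2-octet ASNs, or 4-octet ASNs per RFC 6793 when requested) and applies a maxas-limit style check to it. The counting rule (total number of AS numbers across all segments) and the sample attribute values are assumptions made for the example; the one-octet per-segment count field, which caps a single segment at 255 ASNs, is part of the wire format.

```python
import struct

# AS_PATH segment types (RFC 4271; confederation types from RFC 5065)
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
SEGMENT_TYPES = {AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET}


def parse_as_path(attr: bytes, four_byte_asn: bool = False):
    """Decode the value field of a BGP AS_PATH attribute.

    Each segment is: 1-octet type, 1-octet count of ASNs, then the ASNs
    (2 octets each, or 4 with the 4-octet AS capability). Because the count
    is one octet, one segment can carry at most 255 AS numbers.
    Returns a list of (segment_type, [asn, ...]).
    """
    asn_size, fmt = (4, "!I") if four_byte_asn else (2, "!H")
    segments, i = [], 0
    while i < len(attr):
        if i + 2 > len(attr):
            raise ValueError("truncated AS_PATH segment header")
        seg_type, count = attr[i], attr[i + 1]
        if seg_type not in SEGMENT_TYPES:
            raise ValueError(f"unknown AS_PATH segment type {seg_type}")
        i += 2
        end = i + count * asn_size
        if end > len(attr):
            raise ValueError("truncated AS_PATH segment body")
        asns = [struct.unpack(fmt, attr[j:j + asn_size])[0]
                for j in range(i, end, asn_size)]
        segments.append((seg_type, asns))
        i = end
    return segments


def as_path_length(segments) -> int:
    """Assumed counting rule for the limit: every AS number in every segment counts once."""
    return sum(len(asns) for _, asns in segments)


def check_as_path(attr: bytes, maxas_limit: int, four_byte_asn: bool = False):
    """Model of a maxas-limit policy, i.e. the equivalent of
        router bgp <asn>
         bgp maxas-limit <limit>
    Returns (accepted, path_length). A path longer than the limit is rejected
    before any further processing of the update."""
    length = as_path_length(parse_as_path(attr, four_byte_asn))
    return (length <= maxas_limit, length)


# Constructed sample attribute values using ASNs from the documentation range.
# A normal three-hop AS_SEQUENCE:
SAMPLE_SHORT = bytes([AS_SEQUENCE, 3]) + struct.pack("!HHH", 64496, 64497, 64498)
# A single AS_SEQUENCE segment filled to the 255-entry maximum of its count octet:
SAMPLE_LONG = bytes([AS_SEQUENCE, 255]) + b"".join(
    struct.pack("!H", 64512 + k) for k in range(255))


if __name__ == "__main__":
    for label, attr in (("short", SAMPLE_SHORT), ("long", SAMPLE_LONG)):
        accepted, length = check_as_path(attr, maxas_limit=75)
        print(f"{label}: AS path length {length}, accepted={accepted}")
```

Any limit below 255 keeps a path of the length described in the caveat from reaching the code that mishandles it, which is exactly what the workaround relies on; choose a value above the longest legitimate path you expect to see from your peers.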
•CSCeh47763
Symptoms: A Cisco router may erroneously send ACK packets in response to RST packets for non-local TCP sessions. This can cause high CPU utilization on the router.
Conditions: This symptom occurs when using Port Address Translation (PAT).
Workaround: Use the clear ip nat translation * command.
Miscellaneous
•CSCeg30170
Symptoms: When you perform a stress test on a Cisco 7200 series that processes H.323 voice calls, the following error message and traceback may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6241A498 reading 0x94
%ALIGN-3-TRACE: -Traceback= 6241A498 6241C788 623EB0F8 623ED694 00000000 00000000 00000000 00000000
Conditions: This symptom is observed when you make approximately 40 calls per second and when the directory gatekeeper (DGK) loader constantly sends LRQs to the DGKs to query a route server to obtain routes. Note, however, that the router continues to process calls normally.
Workaround: There is no workaround.
•CSCeg82614
Symptoms: A memory leak may occur in the "CCH323_CT" and "VTSP" processes.
Conditions: This symptom is observed on a Cisco 3660 that is configured for AAA.
Workaround: There is no workaround.
•CSCsa44556
Symptoms: When you remove and re-enter the zone circuit-id command, the command may not take effect.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper.
Workaround: Reload the gatekeeper after you have made the configuration changes.
•CSCsa47305
Symptoms: An H.323 version 4 gatekeeper does not insert the correct circuit ID based on the remote zone.
Conditions: This symptom has been observed on a gatekeeper running on Cisco IOS Release 12.2(15)T14.
Workaround: There is no workaround.
•CSCsa64278
Symptoms: The "CallID not found" error message is generated several times, followed by a call failure.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Tcl IVR.
Workaround: There is no workaround.
•CSCsb37645
Symptoms: A router may crash during a basic H.323 call with carrier ID routing.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(3.3).
Workaround: There is no workaround.
Wide-Area Networking
•CSCee71988
Symptoms: After you have entered the clear counters command, the output of the show controllers t1 is correctly cleared but the SNMP objects that are supported under the RFC1406-MIB are erroneously cleared of their values.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3 and that is configured with a DS1 controller.
Workaround: There is no workaround.
•CSCsa55747
Symptoms: The RADIUS L2TP-specific disconnect code value for the Ascend-Disconnect-Cause RADIUS attribute (195) is incorrectly generated as 607 instead of 605.
Conditions: This symptom is observed when an L2TP tunnel setup failure occurs between a LAC and an LNS.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(10d)
Cisco IOS Release 12.3(10d) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10d) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Miscellaneous
•CSCeg35786
Symptoms: Twenty percent of received faxes fail. Faxes arrive either partially, as a compressed page, or as invalid TIFF files.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T when the T.37 Store and Forward Fax feature is configured and when the faxes are received by a mail server that is connected to the Cisco AS5850.
Workaround: There is no workaround.
•CSCsa54608
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
Wide-Area Networking
•CSCsa52807
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
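The three attack classes above all depend on a blind, off-path attacker getting a TCP implementation to act on an ICMP error it never verified. The draft's main recommendation is to check the TCP header fragment that every ICMP error carries against the connection it claims to concern. As an added example, not Cisco's fix and not code from the page, the following parses an ICMPv4 error, recovers the embedded IPv4 header and the first 8 bytes of the TCP header, and only acts on the message if the 4-tuple matches a known connection and the embedded sequence number is currently in flight. Source Quench is ignored outright (later deprecated by RFC 6633), and a "hard" error against an established connection is downgraded to a logged soft error rather than an abort. The connection table, the verdict names and the sample packets are constructed for the example.

```python
import socket
import struct

ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4
CODE_PROTO_UNREACH, CODE_PORT_UNREACH, CODE_FRAG_NEEDED = 2, 3, 4
HARD_ERROR_CODES = {CODE_PROTO_UNREACH, CODE_PORT_UNREACH}
IPPROTO_TCP = 6


def build_icmp_error(icmp_type, code, rest, src, dst, sport, dport, seq) -> bytes:
    """Construct an ICMPv4 error that quotes an IPv4 header plus the first 8 bytes
    of a TCP header (constructed test data; checksum left at zero)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, IPPROTO_TCP, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    inner_tcp = struct.pack("!HHI", sport, dport, seq)   # sport, dport, seq number
    return struct.pack("!BBHI", icmp_type, code, 0, rest) + inner_ip + inner_tcp


def parse_icmp_error(pkt: bytes) -> dict:
    """Extract type/code/rest-of-header and the quoted datagram's 4-tuple and TCP seq."""
    if len(pkt) < 8 + 28:
        raise ValueError("too short to quote an IPv4 header and 8 transport bytes")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", pkt[:8])
    inner = pkt[8:]
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        raise ValueError("quoted datagram is truncated")
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return {"type": icmp_type, "code": code, "rest": rest, "proto": inner[9],
            "src": socket.inet_ntoa(inner[12:16]), "dst": socket.inet_ntoa(inner[16:20]),
            "sport": sport, "dport": dport, "seq": seq}


def seq_in_flight(snd_una: int, snd_nxt: int, seq: int) -> bool:
    """True if snd_una <= seq < snd_nxt, with 32-bit wraparound handled."""
    mod = 1 << 32
    return (seq - snd_una) % mod < (snd_nxt - snd_una) % mod


def validate(conn_table: dict, pkt: bytes):
    """Decide what to do with an incoming ICMP error. Returns (verdict, detail)."""
    e = parse_icmp_error(pkt)
    if e["proto"] != IPPROTO_TCP:
        return ("ignore", "quoted datagram is not TCP")
    # The quoted datagram was sent by us, so its source is our local endpoint.
    conn = conn_table.get((e["src"], e["sport"], e["dst"], e["dport"]))
    if conn is None:
        return ("ignore", "no matching connection")
    if not seq_in_flight(conn["snd_una"], conn["snd_nxt"], e["seq"]):
        return ("ignore", "quoted sequence number is not in flight")
    if e["type"] == ICMP_SOURCE_QUENCH:
        return ("ignore", "source quench is never acted on")
    if e["type"] == ICMP_DEST_UNREACH and e["code"] in HARD_ERROR_CODES:
        return ("soft-error", "hard error on established connection: log, do not abort")
    if e["type"] == ICMP_DEST_UNREACH and e["code"] == CODE_FRAG_NEEDED:
        return ("accept-pmtu", e["rest"] & 0xFFFF)      # low 16 bits: next-hop MTU
    return ("ignore", "unhandled ICMP type/code")


# Constructed connection: local 192.0.2.10:40000 -> remote 198.51.100.7:443,
# with bytes 1000..2999 sent but not yet acknowledged.
CONN_TABLE = {("192.0.2.10", 40000, "198.51.100.7", 443): {"snd_una": 1000, "snd_nxt": 3000}}

# Constructed ICMP errors as they would arrive at 192.0.2.10.
PKT_VALID_PMTU = build_icmp_error(ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, 1400,
                                  "192.0.2.10", "198.51.100.7", 40000, 443, 2000)
PKT_OFFPATH_PMTU = build_icmp_error(ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, 68,
                                    "192.0.2.10", "198.51.100.7", 40000, 443, 90000)
PKT_SOURCE_QUENCH = build_icmp_error(ICMP_SOURCE_QUENCH, 0, 0,
                                     "192.0.2.10", "198.51.100.7", 40000, 443, 1500)
PKT_PORT_UNREACH = build_icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, 0,
                                    "192.0.2.10", "198.51.100.7", 40000, 443, 1500)
PKT_UNKNOWN_CONN = build_icmp_error(ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, 68,
                                    "192.0.2.10", "203.0.113.9", 40000, 443, 1500)


if __name__ == "__main__":
    for name in ("PKT_VALID_PMTU", "PKT_OFFPATH_PMTU", "PKT_SOURCE_QUENCH",
                 "PKT_PORT_UNREACH", "PKT_UNKNOWN_CONN"):
        print(name, validate(CONN_TABLE, globals()[name]))
```

The sequence-number check is what raises the bar for an off-path attacker: without it, guessing the 4-tuple is enough; with it, the attacker must also hit the bytes currently in flight. An on-path attacker can still see those values, so this is a mitigation for the blind attacks the draft describes, not a substitute for keeping the fixed software.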
Resolved Caveats—Cisco IOS Release 12.3(10c)
Cisco IOS Release 12.3(10c) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10c) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCeg41734
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used.
Workaround: There is no workaround.
•CSCsa42366
Symptoms: A router may crash because of a memory leak in the SAA/RTR process.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10a) and that is configured for SAA/RTR.
Workaround: Do not perform a getmany command on the rttMonLatestRttOperEntry, rttMonCtrlAdminEntry, and rttMonEchoAdminEntry variables. Do not perform a getone command on the rttMonLatestRttOperAddress variable.
IBM Connectivity
•CSCeg58906
Symptoms: A Cisco router does not receive a Receiver Ready (RR) message from a device that is connected via an Ethernet link.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10), that is configured for DLSw, and that has a bridge group configured on an Ethernet interface. The symptom occurs only when the following conditions are present:
- NetBIOS is transported via DLSw and the NetBIOS Add Name Response command is used.
- The end system produces a specific frame.
The following is an example of a configuration in which the symptom occurs:
A NetBIOS server connects to a router (Router 1) that connects via a DLSw link to another router (Router 2). Router 2 connects via an Ethernet link to a NetBIOS client.
The MAC address of the NetBIOS client is located in the transparent bridge table on Router 2. When the NetBIOS server transmits a NetBIOS Add Name Response command to the NetBIOS client, Router 2 mishandles the NetBIOS Add Name Response command, causing the MAC address of the NetBIOS client in the transparent bridge table to point to the DLSw interface instead of to the local Ethernet interface. All subsequent LLC2 frames that are sent from Router 2 for this DMAC fail until the end system sends a frame to Router 2, enabling Router 2 to relearn the MAC address of the NetBIOS client for the correct port.
Workaround: There is no workaround.
IP Routing Protocols
•CSCef60659
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef77648
Symptoms: The CPU utilization may increase gradually, packets may drop, and the routing protocol on a DMVPN network may become unstable. This situation may also affect the physical network.
Conditions: This symptom is observed on a Cisco router that is the hub for a DMVPN network and that runs Cisco IOS interim Release 12.3(9.11), 12.3(9.11)T, or a later release. The symptom occurs because the NHRP list of tunnel destinations for multicast packets increases gradually. Each spoke router (that is, tunnel destination) is included in this list multiple times, and the number of entries per spoke router increases over time. You can test whether or not this situation is occurring by doing the following:
If you are running EIGRP, OSPF, or RIP over the DMVPN network, ping address 224.0.0.10 for EIGRP, address 224.0.0.5 for OSPF, or address 224.0.0.9 for RIP. If you receive more than one ping reply per spoke router, the spoke router is listed more than once in the NHRP multicast list.
Workaround: Configure static neighbors that use unicast and a passive interface on the mGRE tunnel under the routing protocol configuration and remove the ip nhrp map multicast dynamic command from the tunnel configuration.
Note that this caveat does not occur in Release 12.3(9.10), 12.3(9.10)T, and earlier releases.
•CSCeg19442
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages configuring a router via two different but simultaneous sessions.
•CSCeg74205
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•CSCeh14015
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom occurs on EIGRP routes when using the shut command followed by the no shut command.
Workaround: There is no workaround.
•CSCsa59600
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
Miscellaneous
•CSCed66010
Symptoms: The endpoint max-calls h323id gatekeeper configuration command works only in one direction.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.3(05b) but may also occur in Release 12.3 T. When the limit that is defined in the endpoint max-calls h323id gatekeeper configuration command is reached, calls are only restricted via an ARJ message when they are originated at the endpoint that is defined in the endpoint max-calls h323id gatekeeper configuration command. Calls that are originated at any other gateway and that are terminated at the gateway that is defined in the endpoint max-calls h323id gatekeeper configuration command are not rejected by the gatekeeper via an ARJ message as they should be.
Workaround: There is no workaround.
•CSCed83616
Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.
Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module (MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.
However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.
Workaround: Do not enter the show standby or show standby brief command while configuration changes are being made.
•CSCef44699
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef61610
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef67682
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
deny ipv6 any <my address1> undetermined-transport
deny ipv6 any <my address2> fragments
permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml contain fixes for this issue.
•CSCef68324
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•CSCef97768
Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.
Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).
Workaround: There is no workaround.
•CSCeg04922
Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.
Conditions: This symptom is observed when the following conditions are present:
- A policy map is applied to a VLAN interface.
- The policy map includes the set cos command.
Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.
•CSCeg59923
Symptoms: The following error message is generated during a voice stress test:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCeg63430
Symptoms: One-way voice occurs when an IP phone transfers a call back to the PSTN via a Cisco AS5850 after having received the call from the PSTN via the same Cisco AS5400. The caller at the PSTN side hears the transferee at the (other) PSTN side, but not the other way around.
Conditions: This symptom is observed when the Cisco AS5850, which runs Cisco IOS Release 12.3T, connects to the PSTN via a PRI in the following topology:
Caller--Phone--PSTN--PRI--AS5850--CCM--IP Phone Transfer--CCM--AS5850--PRI-- PSTN--Transferee
Workaround: Enable MTP or the Cisco CallManager.
Further Problem Description: Although the symptom is not observed in Release 12.3, the fix is included in Release 12.3 as a precaution.
•CSCeg76294
Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.
Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.
Workaround: There is no workaround.
•CSCeg79821
Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.
Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).
Workaround: There is no workaround.
•CSCeh01182
Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.
Conditions: This symptom is observed on a Cisco voice gateway that is configured with a VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.
Workaround: There is no workaround. However, this is a limitation of voice gateways that use VXML applications: such platforms support only T.37.
Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.
•CSCin86246
Symptoms: Backup calls are not initiated after you reload the router.
Conditions: This symptom is observed on a Cisco 2800 series that is configured for QoS. When the dialer interface is a designated backup interface and you reload the router, the dialer interface does not enter backup mode even though the primary interface is down.
Workaround: After you have reloaded the router, enter the shutdown command followed by the no shutdown command on the dialer interface.
Wide-Area Networking
•CSCed23896
Symptoms: A call may cause the following error messages, after which calls may pause indefinitely:
%DIAL0-3-MSG:
%DS_TDM-3-NO_RECOMB_BUS_DS0: Slot 0: no free Recombination bus DS0s left; connection not made
Conditions: This symptom is observed on a Cisco platform that functions in a stress environment.
Workaround: There is no workaround. To recover from the symptom, reload the platform.
•CSCef96591
Symptoms: When the command ppp multilink group is used on a Virtual-template interface, a router may crash with an "%Align-1-Fatal Illegal Access to a low address" error followed by a bus error exception.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(10) when there are active PPP over ATM or PPP over Frame Relay sessions attached to the Virtual-template.
Workaround: Shut down all PPP over ATM or PPP over Frame Relay sessions before adding the Virtual-template to the multilink group.
Resolved Caveats—Cisco IOS Release 12.3(10b)
Cisco IOS Release 12.3(10b) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
IP Routing Protocols
•CSCef84062
Symptoms: A Cisco router that is running BGP may crash due to a bus error at a low address when using the show bgp ipv6 network command.
Conditions: This symptom is observed on a Cisco 7505 router that is running Cisco IOS 12.2(15)T8. The problem occurred after recent BGP configuration changes.
Workaround: There is no workaround.
•CSCsa59600
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
Miscellaneous
•CSCee22810
Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.
Note: This is a timing issue and is not dependent on the number of VCs.
Workaround: There is no workaround.
•CSCee87900
Symptoms: After a Cisco 7301 has crashed because of a parity error, the router may reload continuously with a "signal=10" bus error.
Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.3(6a) but may also occur in other releases.
Workaround: There is no workaround.
Further Problem Description: This problem can affect any platform that uses create-on-demand ATM VCs, also known as Auto VCs.
•CSCef44225
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf.
•CSCef44607
Symptoms: The output of the show spe command shows SPE failures.
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCef70871
Symptoms: A Cisco AS5850 loses all connectivity (ISDN, FE, and GE connectivity) and is only accessible via the console port. The "%DSIPPF-5-DS_KEEPALIVE_LOSS: DSIP Keepalive Loss" error message that is generated shortly after the connectivity is lost suggests that the cards in the chassis can no longer communicate with each other either.
Conditions: This symptom is observed after a few hours of normal operation.
Workaround: There is no workaround.
•CSCef73080
Symptoms: A Cisco 7206VXR that is configured with an NPE-G1 may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(8)T3 or 12.3(9a).
Workaround: There is no workaround.
•CSCef86009
Symptoms: An incorrect cause code (0xD NA) is reported at a terminating Cisco AS5850 when a user is busy.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(10).
Workaround: There is no workaround.
•CSCeg09274
Symptoms: The line protocol on a PA-E3 serial interface may go down. During this time, the show interface serial x/y command will show that the output queue is wedged (Output queue: 40/40) and that output drops are increasing.
Conditions: This symptom occurs when a Cisco 7204VXR router is equipped with a PA-E3 module and is configured as follows:
- encapsulation frame-relay, frame-relay traffic-shaping, and tx-ring-limit x on the PA-E3 serial interface
- multiple point-to-point subinterfaces with different Frame Relay Traffic Shaping (FRTS) parameters applied on each of the subinterfaces, and Class Based Weighted Fair Queueing (CBWFQ) applied on some of the subinterfaces
The symptom occurs when the Fast Ethernet interface on the Cisco 7204VXR router is either shut down or disconnected.
Workaround: Either configure shutdown followed by no shutdown on the PA-E3 serial interface, or enter clear interface serial x/y.
•CSCeg11398
Symptoms: Mute calls may occur on a Cisco MGCP gateway. The output of the show mgcp connection command shows that the Connection Mode for the originating endpoint remains in a loopback (M=5) after answering the call:
Endpoint Call_ID(C) Conn_ID(I) (P)ort (M)ode ...
1. S7/DS1-0/31 C=3E,315,313 I=0x81 P=0,0 M=3 ...
2. S7/DS1-1/31 C=3E,313,315 I=0x80 P=0,0 M=5 ...
Conditions: This symptom is observed for a hairpin call with COT that is requested on the originating call leg from the PSTN side.
Workaround: Disable COT on the PSTN side.
•CSCeg15422
Symptoms: A Cisco router intermittently stops encrypting and forwarding packets, and the following error messages are generated:
%VPN_HW-1-PACKET_ERROR slot 0 Packet Encryption/Decryption error, Output Authentication error (0x20000000)
%SYS-2-GETBUF Bad getbuffer, bytes= 42565
-Process= "Crypto HW Proc", ipl= 0, pid= 87
-Traceback= <hex numbers>
or
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid Packet
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series that are configured with an AIM-VPN-BPII, AIM-VPN/EPII, or AIM-VPN/HPII Virtual Private Network (VPN) encryption and hardware advanced integration module (AIM). The symptom occurs after an IPSec SA rekeying. SYS-2-GETBUF tracebacks are seen if Encapsulating Security Payload (ESP) wide-key Advanced Encryption Standard (AES) 192 or 256 is configured.
Workaround: Use the appropriate AIM-VPN-BPII-Plus or AIM-VPN/EPII-Plus or AIM-VPN/HPII-Plus AIM.
Alternate Workaround 1: If AES 192 or 256 is configured, use ESP AES 128-bit keys.
Alternate Workaround 2: If AES 192 or 256 is configured, use a Data Encryption Standard (DES) transform instead.
•CSCeg27467
Symptoms: A Cisco platform that runs Cisco IOS Release 12.3(10) and that functions as a gatekeeper in an SS7 interconnect configuration may reject calls.
Conditions: This symptom is observed when the following conditions are present:
- The voice gateway is configured with trunk groups and has the Resource Availability Indicator (RAI) threshold enabled.
- When the high threshold value is reached, the voice gateway sends a RAI message with the AlmostOutOfResources field set to "TRUE" to the gatekeeper.
From this point on, the gatekeeper rejects new calls with an Admission Rejection (ARJ) message that indicates that the call capacity of the voice gateway is exceeded.
Workaround: Do not configure trunk groups and RAI together. If this is not an option, there is no workaround.
•CSCeg43753
Symptoms: A router that is configured for RIP and BGP may crash with the following error messages:
System returned to ROM by bus error at PC 0x0, address 0x0
The crashinfo reports the following:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x60BBD828, sp=0x64228388
Unexpected exception, CPU signal 10, PC = 0x0
-Traceback= 0 60BBD828 60BAC93C 60BAD790 61FE44C0 60BAD834 60B7C138
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9b) and that is configured for MPLS VPN when RIP is partially configured without a network statement and when BGP is redistributed into RIP.
Workaround: Ensure that RIP is configured correctly.
•CSCsa45302
Symptoms: A Cisco 3660 gateway may crash when a voice call is made.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.
Workaround: There is no workaround.
•CSCsa45740
Symptoms: The upgrade rom-monitor command will not operate properly.
Conditions: This symptom is observed on the Cisco 3725, Cisco 3631, and Cisco 2691 platforms.
Workaround: Use the Cisco IOS image which does not contain the commit change for CSCed90859, for example, Cisco IOS Release 12.3(6). Once the ROMmon upgrade is successful, the user may resume using any Cisco IOS image, including one which contains this issue.
Wide-Area Networking
•CSCeg11451
Symptoms: A Cisco platform that functions as an MPLS VPN provider edge (PE) router, that is configured as a multihop LNS, and that switches L2TP tunnels from the global routing table into a customer VRF may select an incorrect VRF table to send the L2TP control packets to the customer LNS.
Conditions: This symptom is observed in the following scenario:
- One tunnel between the multihop LNS and the customer LNS is established within the VRF.
- A second tunnel is in the process of being established to a different customer LNS in a different VRF.
- Both tunnels use the same VPDN source address and the same VPDN destination address (because two different VRFs are involved, addresses may overlap).
In this scenario, the L2TP control packets that are sent during the establishment of the second tunnel are sent within the VRF context of the first tunnel.
Workaround: Use unique source and/or destination addresses.
•CSCeg41505
Symptoms: An ISDN BRI interface does not come up when interesting traffic is received.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(12.5).
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(10a)
Cisco IOS Release 12.3(10a) is a rebuild release for Cisco IOS Release 12.3(10). The caveats in this section are resolved in Cisco IOS Release 12.3(10a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCef46191
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: A user-initiated, specially crafted TCP connection to a telnet or reverse telnet port blocks further telnet sessions, whereas services such as packet forwarding, routing protocols, and all other communication to and through the device remain unaffected.
Workaround: The detailed advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
Interfaces and Bridging
•CSCef00510
Symptoms: Packets that originate from a Cisco router that is configured with a PA-MC-8TE1+ port adapter may be corrupted and have an invalid FCS. These packets may have the address and control fields compressed even when PFC and ACFC options are explicitly disabled.
Conditions: This symptom is observed only when traffic is presented simultaneously on several B-channels.
Workaround: There is no workaround.
IP Routing Protocols
•CSCef05502
Symptoms: Network Address Translation (NAT) incorrectly resets the TTL of DNS Dynamic Update (RFC2136) Address Records (A-RR) to zero. This situation impacts updates that are sent within the Microsoft Active Directory (AD) system because the AD server refuses A-RR updates that have a TTL of zero.
Conditions: This symptom is observed only for A-RR record types. Record types other than A-RR are not affected.
Workaround: There is no workaround.
Miscellaneous
•CSCed34058
Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•CSCee19222
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•CSCee56976
Symptoms: RIP non-direct neighbor functionality does not work.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•CSCee67450
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a malformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable, such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•CSCef03782
Symptoms: DS0 channels may hang on a Cisco AS5400.
Conditions: This symptom is observed after running a VXML stress test for several hours.
Workaround: There is no workaround. To recover the channel, enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the affected controller.
•CSCef18546
Symptoms: During a voice prompt playout to a PSTN call leg, some voice packets may be unexpectedly skipped.
Conditions: This symptom is observed when multiple voice prompt tags are placed very close together.
Workaround: Add some silence, for example 200 msec, to the beginning of the prompt files as a buffer. Doing so should alleviate the problem, but is not guaranteed to be a reliable workaround.
•CSCef21720
Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.
Workaround: There is no workaround.
•CSCef22069
Symptoms: On a 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•CSCef24063
Symptoms: A memory leak may occur on a voice gateway that is configured for SIP.
Conditions: This symptom is observed on a Cisco platform that functions as a voice gateway. The symptom occurs when the voice gateway originates a SIP call that uses UDP, when the "200 OK" response to an "Invite" message is retransmitted more than three times, and when an "ACK" message is sent in response to the "200 OK" response.
Workaround: Use TCP as the transport type.
•CSCef30872
Symptoms: When a PPP user that is connected to a Cisco platform that runs SSG features attempts to log into a prepaid service, the authorization request that is sent to a RADIUS server always has the NAS port value of zero.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3.
Workaround: There is no workaround. The symptom does not occur in Release 12.2(4)B6.
•CSCef30921
Symptoms: Address 0.0.0.0 and mask 128.0.0.0 are considered invalid if used in a service profile.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS software image that includes the fix for CSCee13629. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee13629. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Do not use an all-zero address. The first octet of the address must be at least one.
•CSCef36042
Symptoms: Subscribers cannot access the network when the ssg qos police session command is enabled.
Conditions: This symptom is observed on a Cisco 6400 series NRP that runs Cisco IOS Release 12.3(9).
Workaround: Disable the ssg qos police session command. The symptom does not occur in Cisco IOS Release 12.3(6).
•CSCef59293
Symptoms: A Cisco 3725 that has an AIM slot populated may hang sporadically.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) or a later release.
Workaround: There is no workaround. To restore the router to normal operation, power-cycle the router.
•CSCef72772
Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.
Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.
Workaround: There is no workaround.
•CSCin80221
Symptoms: A Cisco router crashes when you enter the fsck command for an ATA flash disk.
Conditions: This symptom is observed when the boot sector of the ATA flash disk is corrupted and when the router runs a release that is listed in the "First Fixed-in Version" field at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed58384. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Format the disk.
•CSCin81933
Symptoms: A Cisco 7200 series router does not boot up with a PA-A3-8T1IMA/PA-A3-8E1IMA PA at cold temperature and gives a watchdog timeout error.
Conditions: This problem is seen with an NPE400/NPE300 and IMA PA combination at cold temperature on a Cisco 7200 series router.
Workaround: There is no workaround.
•CSCin82407
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Wide-Area Networking
•CSCee18430
Symptoms: A PPP interface may fail to come up when the router is booted or when the interface resets. When this situation occurs, the interface appears to be physically up but PPP does not start. When you enable logging of PPP negotiation events with the debug ppp negotiation command and when packets arrive on the PPP interface, you can see in the log that PPP discards these inbound frames with a "LCP: Lower layer not up, discarding packet" message even though the lower layer (the link) is up.
Conditions: This symptom is observed when a PPP interface transitions from a down state to an up state at the link level. The symptom is most likely to occur when the router operates under a moderate-to-heavy load, or when large numbers of PPP interfaces simultaneously change state (for example when a channelized interface is reset).
Workaround: Any sequence that resets the interface usually clears the symptom. Therefore, you can enter the clear interface interface-name EXEC command or the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•CSCef29165
Symptoms: When an E1 interface goes down or out of service, the NAS does not send a "cic out of service" message to an SS7 platform.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6b), that functions as a NAS, and that is connected to an SS7 platform via an ISDN primary NFAS that is enabled for RLM version 1.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(15)T9.
•CSCef39441
Symptoms: After forwarding an ISDN dialin connection to an LNS via L2TP, the LAC does not disconnect the ISDN connection upon termination of the L2TP session. The ISDN connection must be terminated by the remote user.
Conditions: This symptom is observed on a Cisco platform that functions as a LAC and that runs Cisco IOS interim Release 12.3(10.2). Note that the symptom does not occur in Release 12.3(10) and earlier releases.
Workaround: There is no workaround.
•CSCef47768
Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user and if multilink is negotiated on the connection. This symptom was previously fixed via CSCed34058, but was reintroduced through CSCee01688.
A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee01688. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•CSCef56356
Symptoms: When a call is placed from the network side to a VoIP CPE that runs Cisco IOS Release 12.3(6c) and when the called party number is configured on a dial peer that points to a deactivated BRI, the VoIP CPE may release the incoming call to the VoIP leg with incorrect disconnection cause code 16 (normal call clearing) instead of cause code 34 (no circuit).
Conditions: This symptom is observed when the BRI is deactivated by a router that functions as a VoIP CPE and that runs Cisco IOS Release 12.3(6c). Note that a router that runs Release 12.2(11)T7 or Release 12.3(6b) sends the proper cause code 34.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(10)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(10). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(10). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•Symptoms—A description of what is observed when the caveat occurs.
•Conditions—The conditions under which the caveat has been known to occur.
•Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•CSCec39682
Symptoms: You may not be able to set the casnDisconnect object to "true" in the CISCO-AAA-SESSION-MIB.
Conditions: This symptom is observed only for Telnet sessions. The symptom does not occur for other sessions such as PPPoE sessions.
Workaround: Clear the Telnet session by using the tsClrTtyLine object.
•CSCed32794
Symptoms: A slave route switch processor (RSP) may reload when you enter the tftp-server slaveslot0: global configuration command or any other global configuration command that configures the TFTP server to access flash devices on the slave RSP.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S5. However, the symptom is not platform-dependent and may also occur in other releases.
Workaround: Configure the TFTP server to access flash devices on the master RSP only.
•CSCed33110
Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP, in turn leading to an RSP crash.
Conditions: This will happen more frequently on routers with a high idb count.
Workaround: There is no workaround.
•CSCed49199
Symptoms: The following attributes are duplicated in the RADIUS accounting records of an incoming leg:
Calling-Station-Id
Called-Station-Id
Conditions: This symptom is observed on a Cisco platform that is configured for AAA.
Workaround: There is no workaround.
•CSCed91215
Symptoms: Attributes 42 and 43 may be of value "zero" in Connection STOP records.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that run Cisco IOS Release 12.3 or Release 12.3(4)T4 when a TCP-clear call is disconnected by the caller. For call disconnects by the NAS, the values are proper.
Workaround: There is no workaround.
•CSCed93927
Symptoms: The "%RADIUS-3-NOSERVERS: No Radius hosts configured" error message appears after the receipt of a RADIUS Access-Accept packet, preventing accounting updates from being sent.
Conditions: This symptom is observed on a router with a very specific RADIUS server host configuration after you have reloaded the router.
Workaround: Perform the following steps:
1. Remove specific RADIUS commands by entering the following:
no radius-server host 10.0.0.1 auth-port 1645 acct-port 0 non-standard key 7
no radius-server host 10.0.0.1 auth-port 0 acct-port 1646 non-standard key 7
2. Remove all server group configurations by entering the following commands:
no aaa group server radius ACS
no aaa group server radius RAD
3. Reinstall the server group configurations by entering the following commands:
aaa group server radius ACS
server 10.0.0.1 auth-port 1645 acct-port 1646
deadtime 10
!
aaa group server radius RAD
server 10.0.0.2 auth-port 1645 acct-port 1646
deadtime 10
•CSCee22376
Symptoms: A switch performs an unexpected reload when the MIB object usmUserAuthKeyChange is set.
Conditions: This symptom is observed when an SNMPv3 user enters the encrypted keyword and enters text for the auth-password argument for the MD5 authentication algorithm option in the snmp-server user username groupname v3 encrypted auth md5 auth-password command. In addition, a MIB view containing the USM-MIB must be created for the group that the user belongs to.
Workaround: The SNMPv3 user must provide the auth-password argument in the MD5 digest format instead of as text.
•CSCee26662
Symptoms: A platform may reload when the aaa dnis map dnis-number authentication ppp group server-group-name command is entered.
Conditions: This symptom is observed when aaa dnis map commands are enabled.
Workaround: There is no workaround.
•CSCee27317
Symptoms: Asynchronous PPP calls fail on a Cisco AS5850.
Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(7)T1 when the async mode interactive command is enabled. The symptom is service-affecting and may also occur in Release 12.3.
Workaround: Enter the async mode dedicated command.
•CSCee29648
Symptoms: A slow processor memory leak may occur in the RM process on a Cisco AS5300.
Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.2(15)T8. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee35379
Symptoms: AAA database memory is not released when the AAA ID is deallocated.
Conditions: This symptom is observed when a GGSN PPP context is opened or closed and when AAA authentication is configured but AAA accounting is not.
Workaround: There is no workaround.
•CSCee35740
Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.
Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.
•CSCee42381
Symptoms: A Cisco MC3810 reloads when you configure ILMI on an ATM interface.
Conditions: This symptom is observed on a Cisco MC3810 that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•CSCee42617
Symptoms: Users are unable to authenticate using RADIUS, or accounting is not sent to the RADIUS server. In addition, when you enter the debug radius command, the following information is generated:
RADIUS(00000049): sending
%RADIUS-3-NOSERVERS: No Radius hosts configured.
RADIUS/DECODE: parse response no app start; FAIL
RADIUS/DECODE: parse response; FAIL
The output of the show running-config command indicates that there are in fact RADIUS servers in the server group.
Conditions: These symptoms are observed after following these steps:
1. Remove and recreate a server group that is still referenced by one or more method lists, by entering the following commands:
no aaa group server radius XXXX
aaa group server radius XXXX
server x.x.x.x
...
2. Allow one of these method lists to be used, causing a transaction to be sent to a RADIUS or TACACS+ server in the server group.
3. Remove and re-add the radius-server host ... command lines for all authentication-capable (or accounting-capable if this group is used for accounting) servers in this server group.
Workaround: Remove all RADIUS or TACACS+ server configurations, remove all RADIUS or TACACS+ server group configurations, and remove all method lists. Then, reconfigure all of them.
Further problem description: If you enter the debug aaa sg-ref-count command before Step 2 of the Conditions, a debug message similar to the following one is generated:
AAA/SG: Server group ref count decoalesced sg_type for public group XXXX and is reduced by 2 to 0
•CSCee45632
Symptoms: A Cisco router may reload during an attempt to free memory after Simple Network Management (SNMP) operations.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(9), that is configured with an RSP, and that has the SNMP bulk transfer feature enabled.
Workaround: There is no workaround.
•CSCee47288
Symptoms: You cannot configure the radius-server attribute 196 network-up lcp-open command; the command is treated as an invalid input.
Conditions: This symptom is observed on a Cisco platform that runs in Cisco IOS interim Release 12.3(8.4a).
Workaround: There is no workaround.
•CSCee48373
Symptoms: Some attributes may be missing in an accounting stop record for an exec session.
Conditions: This symptom is observed when accounting is performed via a TACACS+ server and when the aaa accounting exec default start-stop group tacacs+ command is enabled.
Workaround: There is no workaround.
•CSCee60844
Symptoms: A software-forced crash may occur on a Cisco 7500 series.
Conditions: This symptom is observed on a Cisco 7500 series with a PA-T3 or PA-2T3 configured for class-based weighted fair queueing (CBWFQ).
Workaround: Remove CBWFQ from the interface or policy map.
•CSCee68382
Symptoms: A spurious memory access may occur when you change one or more RADIUS addresses during live sessions.
Conditions: This symptom is observed when there are about 32,000 RFC1483 and PPPOE sessions configured and about 1000 sessions are active.
Workaround: There is no workaround.
•CSCee77809
Symptoms: When you try to configure NTP on a Cisco platform, the ntp server command is rejected with the following error message:
%NTP: failed to initialize NTP process
Conditions: This symptom is observed on any Cisco platform that does not support a reference clock.
Workaround: There is no workaround.
•CSCee78266
Symptoms: A Cisco 7500 series may reload in an indefinite loop when you unintentionally enter the show list number hidden command.
Conditions: This symptom is observed when you, for example, abbreviate the show line 2000 command as the show li 2000 command and actually execute the show list 2000 hidden command.
Workaround: Do not abbreviate the show line command as the show li command but enter the full command.
•CSCee78300
Symptoms: A bus error crash (that is, an illegal access to a low address) may occur in the RADIUS process.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(3).
•CSCee84611
Symptoms: An NTP broadcast client may fail to synchronize with an NTP broadcast server if the server cannot be reached from the client.
Conditions: This symptom is observed in Cisco IOS interim Release 12.2(12.11)T or a later release, including Release 12.3. However, the symptom may also occur in other releases.
Workaround: Ensure that the server can be reached from the client.
•CSCee89849
Symptoms: A router may reload due to an illegal access at a low address.
Conditions: This symptom is observed on a Cisco router when AAA is enabled.
Workaround: There is no workaround.
•CSCee89933
Symptoms: When you use Optimized Edge Routing (OER), SAA is invoked without any SAA configuration. This situation results in tracebacks and failed OER active probes that prevent OER from choosing the best exit.
Conditions: This symptom is observed in a configuration with OER border routers.
Workaround: Enter the rtr 9999 command on all OER border routers.
•CSCee93607
Symptoms: A VPN client cannot connect to a router that functions as an EzVPN server.
Conditions: This symptom is observed on a Cisco router that functions as an EzVPN server when the user name is not sent in the RADIUS authentication request for the VPN client, causing the authentication server to reject the VPN client.
Workaround: If this is an option, use local authentication.
Further Problem Description: The following error message appears in the debug output:
ISAKMP (0:1): FSM action returned error: 4
•CSCef00114
Symptoms: A router reloads unexpectedly when a tunnel password is downloaded via a RADIUS server.
Conditions: This symptom is observed when a tunnel password is configured in the RADIUS domain profile that is used to establish the tunnel and when the tunnel password string consists of more than 64 characters.
Workaround: Configure a tunnel password string that consists of less than 64 characters.
•CSCef09641
Symptoms: A Cisco access server may reload because of a bus error at address 0x4000 when calls are made. Additionally, there may be spurious memory access recorded in the logs, as described in CSCed88542.
Conditions: This symptom is observed on a Cisco access server that is configured for AAA and that has the radius-server attribute 8 include-in-access-req command enabled.
Workaround: Remove the radius-server attribute 8 include-in-access-req command from the configuration.
•CSCin66003
Symptoms: A TACACS+ server may not switch to an alternate server in the same server group when the connection to the first server times out.
Conditions: This symptom is observed when there are multiple TACACS+ servers configured in the same server group and when the connection to the first TACACS+ server times out.
Workaround: Configure a single server in each server group, and attach multiple server groups to the method list.
As an example, if the symptom occurs in the following configuration:
aaa group server tacacs DIAL
server 1
server 2
aaa authentication ppp default group DIAL
Change this configuration to the following:
aaa group server tacacs DIAL1
server 1
aaa group server tacacs DIAL2
server 2
aaa authentication ppp default group DIAL1 group DIAL2
•CSCin72727
This caveat consists of two symptoms, two conditions, and two workarounds:
1. Symptom 1: The ifOperStatus SNMP object may return "Testing" when the CLI states Up/Up (Looped).
Condition 1: This symptom is observed when PPP encapsulation and loopback are configured.
Workaround 1: There is no workaround.
2. Symptom 2: The ifOperStatus SNMP object may return "DOWN."
Condition 2: This symptom is observed when HDLC encapsulation and the down-when-looped command are configured.
Workaround 2: There is no workaround.
•CSCin78100
Symptoms: A Bootflash and a slave bootflash file system may not be accessible and the following error messages are generated:
Router#dir slavebootflash:
%Error opening slavebootflash:/ (No such device)
Router#dir bootflash:
%Error opening bootflash:/ (No such device)
Router#format bootflash:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "bootflash:". Continue? [confirm]
%Error formatting bootflash (Unspecified error)
Router#dir bootflash:
%Error opening bootflash:/ (No such device)
Conditions: This symptom is observed on a Cisco 7500 series that has an RSP and that runs Cisco IOS interim Release 12.3(9.10) or interim Release 12.3(9.10)T.
Workaround: There is no workaround.
EXEC and Configuration Parser
•CSCee64504
Symptoms: A CPUHOG may occur for about 4.5 seconds when you enter the show running-config command.
Conditions: This symptom is observed on a Cisco uBR10000 series but may also occur on other platforms.
Workaround: Do not enter the show running-config command. Rather, enter the show config command.
Further Problem Description: The show tech-support command also has a problem when it reaches the show running-config command part. Changing the terminal length does not work as a workaround.
IBM Connectivity
•CSCee40967
Symptoms: A Cisco router may crash due to a bus error if a PA-A1-OC3MM ATM port adapter is installed but not configured for ATM LANE.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(8.4a), which is an interim release for Release 12.3(9).
Workaround: There is no workaround.
•CSCee89448
Symptoms: A Cisco router may reload unexpectedly when you enter the no dlsw local-peer global configuration command, and the router may generate an error message and traceback that are similar to the following ones:
Unexpected exception to CPUvector 1200, PC = 80B1CB00
=-Traceback= 80B1CB00 80B1C5D0 8048B5C0 8048EB08
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) only when a transparent bridging routine is used together with DLSw. The symptom does not affect DLSw Ethernet redundancy.
Workaround: Do not just enter the no dlsw local-peer global configuration command to remove all DLSw-related commands from the router configuration. Rather, on each interface that uses transparent bridging, enter the no bridge-group bridge-group interface configuration command. Then, enter the no dlsw bridge-group bridge-group global configuration command followed by the no dlsw local-peer global configuration command.
•CSCin76076
Symptoms: A Cisco router that functions as a LANE server may fail to attain the active state and remains in the backup state regardless of the priority. This situation prevents LANE clients from becoming operational.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that run Cisco IOS interim Release 12.3(8.4) and later interim releases. The symptom may also occur in other releases.
Workaround: There is no workaround.
Interfaces and Bridging
•CSCdy36519
Symptoms: A Cisco 7500 series may show a %SYS-3-CPUHOG error message when an ATM link on the router is flapped.
Conditions: This symptom is observed only when there are a lot of VCs on the ATM interface and when the VIP is oversubscribed.
Workaround: There is no workaround.
•CSCee27103
Symptoms: QA errors and CxBus errors may occur continuously on a Cisco 7500 series that has an FSIP card installed. This situation may cause other cards in the router to become nonoperational.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(7.11).
Workaround: There is no workaround.
•CSCee44827
Symptoms: Spurious memory accesses may occur on a VIP with a PA-FE.
Conditions: This symptom is observed on a Cisco 7500 series when a raw Ethernet packet is received on the PA-FE interface that is configured as an ISL trunk.
Workaround: There is no workaround.
•CSCee55632
Symptoms: A Cisco 7500 series may leave ATM PVCs up when the ATM interface is shut down.
Conditions: This symptom is observed on a Cisco 7500 series that has a PA-A3 when the CPU utilization of the VIPs is high.
Workaround: There is no workaround.
•CSCee58873
Symptoms: The show controllers t1 slot/port command may show only the current interval.
Conditions: This symptom is observed on a Cisco 7200 series when FDL is configured.
Workaround: There is no workaround.
Further Problem Description: When FDL is configured, the router updates the MIB data after checking for a valid local and remote MIB data interval that it receives from the T1 port adapter. During the remote MIB update, and if the received data interval is invalid, the router clears both the remote and the local data instead of clearing only the remote data and starting again.
•CSCee68361
Symptoms: Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) traffic may be dropped as ignored traffic.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2 or Release 12.3 when all the following conditions are present:
–The router is configured for distributed Cisco Express Forwarding (DCEF).
–The MPLS VPN traffic enters via a Gigabit Ethernet (GE) subinterface that has dot1q encapsulation enabled.
Workaround: Use CEF instead of dCEF.
•CSCee91605
Symptoms: A Cisco 2691 or Cisco 3725 may not boot and may generate the following error message:
ERR-1-GT64120 (PCI-1): Fatal error, PCI Master abort
Conditions: This symptom is observed on a Cisco 2691 and Cisco 3725 that are configured with an NM-1GE network module that is installed in port one.
Workaround: There is no workaround.
•CSCin41371
Symptoms: A Cisco 7500 series router may reload.
Conditions: This symptom occurs on an ATM interface that flaps when there is a service policy attached to an ATM permanent virtual circuit (PVC) that has Multilink PPP (MLP) and link fragmentation and interleaving (LFI) enabled.
Workaround: There is no workaround.
•CSCin74331
1. Symptom 1: SYS-2-MALLOCFAIL messages are seen.
Condition 1: This symptom is observed on a Cisco platform when serial interfaces with PPP encapsulation are configured into bridge groups and when there is a large amount of broadcast (or unknown unicast) traffic. This problem does not affect the Cisco 7500 series.
Workaround 1: Limit the broadcast of bridging traffic.
2. Symptom 2: The output of the show process cpu command shows a high value for the "HyBridge Input" process.
Condition 2: This symptom is observed on a Cisco platform when serial interfaces with PPP encapsulation are configured into bridge groups and when there is a large amount of broadcast (or unknown unicast) traffic. This problem does not affect the Cisco 7500 series.
Workaround 2: Disable the bridge-group command for the PPP interfaces.
•CSCin76595
Symptoms: A Cisco 7500 series may show a large number of tracebacks of the "64bit read" access type on a VIP.
Condition: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2 S or Release 12.3 when the VIP contains a PA-POS-OC3, PA-POS-2OC3, or PA-SRP-OC12.
Workaround: There is no workaround.
IP Routing Protocols
•CSCea85395
Symptoms: Previously suppressed prefixes are not automatically installed in the VRF table.
Condition: This symptom is observed after the VRF table reaches the maximum route limit. Subsequent prefixes are suppressed and not installed in the VRF table. After the suppress condition is cleared, routes are entered into the VRF table without any manual intervention.
Workaround: Enter the clear ip bgp command.
•CSCeb27742
Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:
exit-address-family
^ % Invalid input detected at '^' marker.
exit-address-family
^ % Invalid input detected at '^' marker.
exit-address-family
^ % Invalid input detected at '^' marker.
The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.
Conditions: This symptom is observed on all Cisco platforms that run Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom may also occur in other releases.
Workaround: Reenter the configuration that was present before the router reloaded.
•CSCed33044
Symptoms: ARP may not function properly on the remote side of point-to-point Fast Ethernet link with a default static route until the remote side is pinged.
Conditions: This symptom is observed on a Cisco router when ARP and /31 mask are configured on a point-to-point link Fast Ethernet link with a default static route. The symptom is platform-independent.
Workaround: There are four different workarounds:
–Use a /30 netmask on the point-to-point Fast Ethernet connection.
–Configure a static ARP entry for the remote side of the Fast Ethernet link.
–Enter the ip proxy-arp command on the remote side of the Fast Ethernet link.
–Use an OSPF route instead of a default static route.
•CSCed62479
Symptoms: The neighbor next-hop-unchanged command may not keep the next hop unchanged for internal paths.
Conditions: This symptom is observed when an internal route is learnt via a confederation eBGP peer.
Workaround: There is no workaround.
•CSCed65315
Symptoms: A Cisco router that runs Cisco IOS Release 12.3(5a) may reload because of a bus error. The output of the show version command may show the following:
System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYY
Conditions: The symptom may be observed when IP NAT is configured.
Workaround: Enter the no ip nat service sip tcp port 5060 command and the no ip nat service sip udp port 5060 command.
The following link provides general information about bus errors: http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.html
["Troubleshooting Bus Error Crashes"; Document ID: 7949; replaces http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.html]
•CSCed86069
Symptoms: A software-forced chunk corruption crash may occur when a MALLOC failure occurs.
Conditions: This symptom is observed on a Cisco platform that has the bgp dampening command enabled.
Workaround: There is no workaround.
•CSCed89211
Symptoms: When you send an extended ping between two routers, both routers may reload with tracebacks.
Conditions: This symptom is observed on Cisco routers that are connected via SNAT to support a failover scenario.
Workaround: There is no workaround.
•CSCed90943
Symptoms: EIGRP may crash unexpectedly.
Conditions: This symptom is observed after a Nonstop Forwarding (NSF) restart.
Workaround: Disable EIGRP NSF.
•CSCee24899
Symptom: A router that is configured for multicast routing may reload due to a bus error.
Condition: This symptom is observed on a Cisco router that runs a Cisco IOS software release that contains the fix for CSCec80252. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec80252. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCee25019
Symptoms: The OSPF process may still redistribute IPv6 routes that are denied by an access list that is configured on a route map. Alternatively, if a prefix is permitted by the access list, the prefix may not be advertised by OSPF.
Conditions: This symptom is observed when an access list on a route map is modified after the route map is configured for redistribution.
Workaround: To flush existing external LSAs and generate correct external LSAs that OSPF can redistribute based on the route map, enter the clear ipv6 ospf redistribution command.
•CSCee28148
Symptoms: After a switchover on a router, one or more obsolete LSAs from a neighboring router may still be present in the topology. This is improper behavior: the LSAs should no longer be present in the topology.
Conditions: This symptom is observed when a switchover occurs on a Cisco router that runs OSPF NSF and when a neighboring router flushes one or more of its self-originated LSAs.
Note that the LSAs automatically age out within an hour, unless the link that connects the router and the neighboring router is a demand circuit or has OSPF "flood-reduction" configured.
Workaround: If the LSA is an external LSA (type5/type7), enter the clear ip ospf redistribution command on the neighboring router. In all other cases, enter the clear ip ospf process command on the neighboring router.
•CSCee32675
Symptoms: It may not be possible to remove a VRF-based static NAT configuration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 in an MPLS VRF NAT configuration.
Workaround: There is no workaround.
•CSCee35125
Symptoms: A Cisco router may crash when you enter the clear ip route * command.
Conditions: This symptom is observed when the routing table has a default route.
Workaround: There is no workaround.
•CSCee36622
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1. The ABR (call ABR X) has at least one non-backbone area (call area X) in common with one or more additional ABRs.
2. The ABRs are generating summary LSAs, on behalf of the Area X's two or more intra-area routes, into the backbone area and other areas. The two intra-area routes must be advertised as stub links from two different routers; i.e., one from ABR X, and the other from another router belonging to Area X.
3. The summary LSA IDs for the intra-area routes above, when ORed with the host bits of the corresponding masks, yield identical LSA IDs.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255
Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
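The collision described in the conditions above can be checked offline against an ABR's list of intra-area routes. The following is an added example (not Cisco code, not part of this release note): it computes, for each prefix, the network address ORed with the host bits of its mask, exactly the comparison the caveat describes, and reports the prefixes that share the resulting LSA ID. The route list is constructed for illustration.

```python
"""Detect OSPF summary-LSA ID collisions of the kind described above.

Added example, not Cisco code. The SAMPLE_ROUTES list below is a constructed
inventory of intra-area routes, not data from any router.
"""
import ipaddress
from collections import defaultdict


def ored_lsa_id(prefix: str) -> str:
    """Return the network address ORed with the host bits of its mask.

    For 10.10.10.128/25 the host bits are 0.0.0.127, so the result is
    10.10.10.255; for 10.10.10.0/24 the host bits are 0.0.0.255 and the
    result is again 10.10.10.255, which is the collision the caveat describes.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    host_bits = int(net.hostmask)            # inverse of the netmask
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))


def find_lsa_id_collisions(prefixes):
    """Group prefixes whose ORed LSA IDs coincide.

    Returns a dict keyed by the shared LSA ID; only groups of two or more
    prefixes are included, each group sorted from shortest to longest mask.
    """
    groups = defaultdict(list)
    for p in prefixes:
        groups[ored_lsa_id(p)].append(p)
    return {
        lsa_id: sorted(members, key=lambda x: ipaddress.ip_network(x).prefixlen)
        for lsa_id, members in groups.items()
        if len(members) > 1
    }


# Constructed sample: two prefixes from the caveat text that collide, plus
# prefixes that do not (10.10.20.0/26 -> 10.10.20.63, 10.10.20.0/24 -> 10.10.20.255).
SAMPLE_ROUTES = [
    "10.10.10.128/25",
    "10.10.10.0/24",
    "192.0.2.0/24",
    "10.10.20.0/26",
    "10.10.20.0/24",
]

if __name__ == "__main__":
    for lsa_id, members in find_lsa_id_collisions(SAMPLE_ROUTES).items():
        print(f"LSA ID {lsa_id} is shared by: {', '.join(members)}")
```

Running the script on the constructed list flags only the 10.10.10.0/24 and 10.10.10.128/25 pair; the /26 and /24 under 10.10.20.0 produce different IDs and are not reported. A list that produces no output means the third condition of this caveat is not met on that ABR.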
•CSCee36721
Symptoms: An OSPF Designated Router (DR) may fail to regenerate the network LSA when you reload the router.
Conditions: This symptom is observed on a Cisco router that functions as a DR for an OSPF interface when another interface with the same interface address is present in the area but is in a shut down state.
Workaround: Remove the duplicate interface address and enter the clear ip ospf process command.
•CSCee59315
Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.
An example of a path from a deleted BGP table entry is as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:3
The entry that this path is imported from has been removed from the table, and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appears as "2829:2829:185404173:11.13.11.13/-53".
A mismatched prefix appears as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3
This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.
Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.
Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.
•CSCee65066
Symptoms: The CISCO-PIM-MIB trap ciscoPimInvalidJoinPrune is supposed to contain the following varbinds:
1.3.6.1.4.1.9.9.184.1.1.4 - cpimLastErrorOriginType
1.3.6.1.4.1.9.9.184.1.1.5 - cpimLastErrorOrigin
1.3.6.1.4.1.9.9.184.1.1.6 - cpimLastErrorGroupType
1.3.6.1.4.1.9.9.184.1.1.7 - cpimLastErrorGroup
1.3.6.1.4.1.9.9.184.1.1.8 - cpimLastErrorRPType
1.3.6.1.4.1.9.9.184.1.1.9 - cpimLastErrorRP
1.3.6.1.4.1.9.9.184.1.1.2 - cpimInvalidJoinPruneMsgsRcvd
However, when the trap is sent, a wrong OID is used for the cpimInvalidJoinPruneMsgsRcvd.
From a sniffer trace, the following varbind is seen: 1.3.6.1.4.1.9.9.184.2.0.5.0. The actual value sent is correct, though.
Similarly, another CISCO-PIM-MIB trap, ciscoPimInvalidRegister, has the wrong varbind for cpimInvalidRegisterMsgsRcvd. However the value sent is correct in this case too.
Condition: This symptom is platform-independent and software-independent. Note that the actual value that is sent in the wrong OID for cpimInvalidJoinPruneMsgsRcvd or cpimInvalidRegisterMsgsRcvd is correct. However, this situation causes confusion on the trap receiver side because the receiver cannot decode the traps correctly.
Workaround: There is no workaround.
•CSCee66936
Symptoms: A software-forced reload may occur on a router that is configured with a DVMRP tunnel.
Conditions: This symptom is observed on a Cisco router when the DVMRP tunnel is brought up and routing information is redistributed between DVMRP and MBGP.
Workaround: There is no workaround.
•CSCee76562
Symptoms: Spurious memory accesses may occur and tracebacks may be generated.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(9.3)T when NHRP, IPSec, NAT, and EIGRP are configured. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCee89438
Symptoms: An MSDP enabled RP does not build an (S,G) state from its SA cache when it should do so. Depending on the topology and if an SPT threshold is configured as infinite, this situation may result in a multicast forwarding interruption of up to 2 minutes.
Conditions: This symptom is observed when the RP for a group fails and an incoming (*,G) join message is received.
MSDP should create an (S,G) state from its SA cache. However, this is done before the (*,G) olist is populated; because of the (*,G) NULL olist, MSDP does not install an (S,G) state.
Workaround: Enter the clear ip mroute * command on all first-hop routers to the source to enable the FHR to register immediately when the next packet creates an (S,G) state.
•CSCef00037
Symptoms: EIGRP may generate the following error message and a traceback on the peers of a router:
DUAL-3-INTERNAL: IP-EIGRP(0) 401: Internal Error
Conditions: This symptom is observed when you perform a switchover on the router.
Workaround: There is no workaround.
•CSCef00535
Symptoms: An OSPF router may reload unexpectedly.
Conditions: This symptom is observed after a neighbor has performed a switchover.
Workaround: Disable LLS under the OSPF process on the router by entering the no capability LLS command or disable OSPF NSF under the OSPF process on the neighbor by entering the no nsf command.
ISO CLNS
•CSCed33760
Symptoms: A default route is not installed into the Border Gateway Protocol (BGP) routing table when the default-information originate command is configured in Connectionless Network Service Protocol (CLNS) address family configuration mode.
Conditions: This symptom is observed only on routers that run Cisco IOS Release 12.3(4)T2 and are configured to run CLNS, Integrated Intermediate System-to-Intermediate System (IS-IS), and BGP.
Workaround: There is no workaround.
Miscellaneous
•CSCdt38138
Symptoms: A Cisco 7200 series that is configured for IPSec may reboot with a bus error.
Conditions: This symptom is observed under rare circumstances when a race condition occurs.
Possible Workaround: Reload the router.
•CSCea20680
Symptoms: When you unconfigure a 0/32 static route using the no ip route 0.0.0.0 0.0.0.0 interface global configuration command, the following error message may be generated:
%FIB-4-RADIXINSERT: Error trying to insert prefix entry for 0.0.0.0/0
Conditions: This symptom is observed on a Cisco 12000 series when you use a routing configuration with BGP and EIGRP with the ip default-network address and no ip route 0.0.0.0 0.0.0.0 interface commands.
Workaround: There is no workaround.
•CSCea31672
Symptoms: Packets that are sent to the Route Processor (RP) from a VIP are dropped when IP is source-bridged on a FDDI port adaptor.
Conditions: This symptom is observed on a Cisco 7500 series. Note that IP routing works fine.
Workaround: There is no workaround.
•CSCea78858
Symptoms: A Layer 2 Forwarding Protocol (L2F) network access server (NAS) may pause indefinitely without logging any error messages.
Conditions: This symptom is observed on a Cisco router that is functioning as a NAS when you configure a large number of L2F tunnels and sessions.
Workaround: There is no workaround. To resume normal operation, enter a control-break sequence via the console; then, either reset or power cycle the router.
•CSCeb52181
Symptoms: A Cisco platform that accesses the "system:/vfiles/tmstats_ascii" virtual file (for example, via "more system:/vfiles/tmstats_ascii") may crash because of bus error.
Conditions: This symptom is observed under normal working conditions when no configuration changes are made on a Cisco platform that runs Cisco IOS Release 12.0 S, 12.1 E, 12.2 or 12.3.
Workaround: There is no workaround.
•CSCeb87354
Symptoms: High fragmentation may occur in the I/O memory.
Conditions: This symptom is observed on a Cisco 6400 series Node Route Processor 2 (NRP2) that runs Cisco IOS Release 12.2(13)T5 or Release 12.3.
Workaround: There is no workaround.
•CSCec28505
Symptoms: When a Cisco 7500 series boots up with low-speed serial interfaces, an error message is generated for each interface for which Cisco IOS legacy fair queueing is disabled.
Conditions: This symptom is observed on a Cisco 7500 series router that has low-speed serial interfaces and dCEF configured. QoS functionality is not impacted.
Workaround: There is no workaround.
•CSCec38308
Symptoms: SSG only supports one class attribute rather than several of them, although a RADIUS client is supposed to put all class attributes that it receives in Access-Accept messages into Accounting-Request messages that it sends for a session. (See RFC2865/2866.)
Conditions: This symptom is observed on a Cisco platform that is configured as an SSG.
Workaround: There is no workaround.
•CSCec60175
Symptoms: RSA encryption is not supported with VAM hardware.
Conditions: This symptom is observed with all hardware encryption accelerators that are based on a component of a specific third-party vendor.
Workaround: Use software encryption.
•CSCed00033
Symptoms: When an ATM PVC bounces, it fails to come back up and remains in the DOWN/UNVERIFIED state.
Conditions: This symptom occurs when an ATM LC is connected to an ATM switch, when the ATM PVC is managed by OAM, and when the frequency of the OAM F5 loopback cells is set to 0 via the oam-pvc manage 0 command.
Workaround: Reactivate the PVC by entering the shutdown command followed by the no shutdown command on the PVC.
Alternate Workaround: Disable OAM management.
•CSCed13108
Symptoms: A Cisco 7204 router with a SA-VAM card that is configured for IPSec continues to generate "Error coming back 0004" error messages, and the "invalid_fc" and "cmdq_rx_error" counters in the output of the show pas vam interface command increase. However, the IPSec tunnel stays up and traffic passes without any problem.
Conditions: This symptom is observed on a Cisco 7204 that runs Cisco IOS Release 12.1(20)E1 when you configure many tunnels (more than 500) and occurs after a large number of rekeys. The symptom may also occur in Release 12.3.
Workaround: Enter the crypto card shut command followed by the crypto card enable command to reset the VAM card. However, doing so deletes all existing IKE & IPSec SAs.
•CSCed19912
Symptoms: ISAKMP negotiation with an AIM-VPN/EPII hardware encryption module on a Cisco router may fail.
Conditions: This symptom is observed when the peer router runs a Cisco IOS software encryption engine and has a different ISAKMP lifetime than the router with AIM-VPN/EPII.
Workaround: Use the same ISAKMP lifetime on peering routers.
•CSCed20886
Symptoms: A digital voice port channel may become stuck intermittently. When the symptom occurs, the "VPM STATE" column in the output of the show voice call summary EXEC command may indicate that the voice port channel is in the "EM_PARK" state and the "CURR STATE" column in the output of the show voice dsp privileged EXEC command may indicate that the digital signal processor (DSP) state is "bad."
Conditions: This symptom is observed when a hairpin call on the digital voice port is disconnected because of the configured ringing timeout (the default is 180 seconds).
Workaround: Configure the ringing timeout to be infinite.
•CSCed21183
Symptoms: A router may reload with a bus error.
Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.
Workaround: There is no workaround.
•CSCed35964
Symptoms: Interoperating problems may occur with a particular third-party vendor 48 MB flash card, and a router may not be able to read the flash card with "bad majic" and "-13 open file" error messages.
Conditions: This symptom is observed in the following two scenarios:
–Scenario 1: If the flash card is formatted on one router and then inserted in another router, the boot image and Cisco IOS image can be read from the flash card until you reload the router. After the router is reloaded, "bad majic" and "-13 open file" error messages occur.
–Scenario 2: When you remove the first large file from the flash card (irrespective of its position on the flash card and irrespective of whether or not the file is a Cisco IOS file) and you reload the router, "bad majic" and "- 13 open file" error messages occur, and the router may enter a continuous loop. The symptom occurs with the removal of a file that is 12 MB or 14 MB but does not occur with the removal of a file of 4 MB.
Workaround: There is no workaround.
•CSCed36440
Symptoms: Invalid AVL messages may be generated over a period of time.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with 2000 IPSec tunnels when a HA switchover occurs once every hour.
Workaround: There is no workaround.
•CSCed47996
Symptoms: A router that runs IPSec with the Cisco Tunnel Endpoint Discovery (TED) protocol may generate spurious memory access tracebacks at the very beginning of the boot process.
Conditions: This symptom is observed when the router is reloaded while a peer is still sending traffic and when an IKE SA is created before a crypto map is applied to an interface.
Workaround: There is no workaround.
•CSCed48132
Symptoms: A router running CEF may report an "IP Null turbo vector" status message.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) and that has an AIM-VPN/EPII.
Workaround: Manually disable and reenable CEF. The status message then changes to "IP CEF VPN Feature Fast switching turbo vector."
•CSCed49294
Symptoms: A Cisco 3600 series with an NM-CT1/E1 network module that contains an NM-xDM network module may not allow incoming modem calls and generate the "no modem available" error message even though the output of the show modem command indicates that there is a free modem available.
Conditions: This symptom is observed when frequent retrains occur on the modems.
Workaround: There is no workaround.
•CSCed55201
Symptoms: A serial interface may stop transmitting, and the following error message may be generated:
%RSP-3-RESTART: interface Serial1/0/2, not transmitting
-Traceback= 403D8D88 403E2830 4036B72C 4036B718
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an 8-port serial V.35 port adapter (PA-8T-V35).
Workaround for HDLC interfaces: Disable CDP, the passive interface, and the outbound IP ACL.
Workaround for Frame Relay interfaces: Disable CDP, the passive interface, the outbound IP ACL, and LMI.
•CSCed55231
Symptoms: Channels may occasionally hang on an MRP.
Conditions: This symptom is observed on an MRP that runs Cisco IOS Release 12.3(2)XA and that uses the R2 protocol. The symptom may also occur in Release 12.3.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice ports.
•CSCed63357
This caveat consists of six separate sets of symptoms, conditions, and workarounds, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:
1) Symptoms: There are three symptoms:
–There may be an inconsistent or duplicate display of files between the show diskslot-number and dir diskslot-number commands.
–When a file is deleted from the CLI, the file may be deleted but a "No such file" message may be printed.
–One cluster may leak. Entering the fsck command truncates the original file and creates an orphan file for the leaked cluster.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode, as in the following example:
show version | append disk#:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new
Setting device to store VLAN database at filename new.
Router(config)#^Z
Workaround: There is no workaround.
2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.
Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.
Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.
3) Symptoms: There are two symptoms:
–The show diskslot-number and dir diskslot-number commands may show inconsistent information.
–Entering the fsck command may delete or truncate the valid files or create an orphan file for an unused cluster.
Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.
Workaround: Reload the router.
4) Symptoms: There are two symptoms:
–There may be a duplicate entry for each file when you enter the show diskslot-number command.
–An snmpGet on a ciscoFlashFileSize object may enter a loop.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.
Workaround: There is no workaround.
5) Symptoms: There are two symptoms:
–The show diskslot-number and dir diskslot-number commands may show inconsistent information.
–Entering the fsck command may delete or truncate the original file.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.
Workaround: Reload the router.
6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:
show version | append disk0:redirect.out
delete disk0:disk0:redirect.out
Workaround: Reload the router and delete the file.
•CSCed68523
Symptoms: A LAC sends incorrect connection speed information in the L2TP setup message to the LNS, which in turn gets forwarded to the AR RADIUS server for authentication.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3(6.2)T2. The symptom may also occur in other releases.
Workaround: There is no workaround.
•CSCed69858
Symptoms: A Cisco platform that runs SSH may crash when the show ssh command is entered.
Conditions: This symptom is observed when a number of SSH session negotiations are in progress.
Workaround: There is no workaround.
•CSCed70198
Symptom: The line protocol may go down.
Conditions: This symptom is observed when Frame Relay fragmentation is enabled on the main interface.
Workaround: There is no workaround.
•CSCed70886
Symptoms: All traffic stops after you perform an OIR of a PA-8B.
Conditions: This symptom is observed on a Cisco 7200 series that functions in an ISDN leased line configuration.
Workaround: There is no workaround.
•CSCed72895
Symptoms: When a router with NM-xDM and NM-xCE1T1-PRI network modules is configured for CAS calls by entering the ds0-group command on the T1 or E1 controller, and digital modem call setup and teardown is attempted repeatedly, the T1/E1 firmware may crash. When this occurs, the following message is displayed on the console:
%CONTROLLER-2-FIRMWARE: Controller E1 1/0, firmware is not running
Conditions: This symptom is observed when the setup and teardown attempt occurs with extremely heavy background traffic, causing the attempt to be repeated several times.
To return the NM-xDM or NM-xCE1T1-PRI to normal operation, reload the router. On a Cisco 3745, you can power-cycle the NM-xCE1T1-PRI to return it to normal operation by entering the following commands, in which the slot-number argument is the slot in which the NM-xCE1T1-PRI is installed:
–To power off the network module, enter the test oir slot-number 0 command.
–To power on the network module, enter the test oir slot-number 1 command.
Workaround: There is no workaround.
•CSCed74933
Symptoms: A Cisco 12000 series may exhibit high CPU utilization in the "Per-Second Job" process.
Conditions: This symptom is observed on a Cisco 12012 router that has a GRP and that is running Cisco IOS Release 12.0(26)S1 with 255 class maps applied to a 4-port ISE Gigabit Ethernet line card. However, the symptom is release- and platform-independent.
Workaround: Reduce the number of applied class maps.
•CSCed86368
Symptoms: When you globally remove an access control list (ACL) from an interface, a software-forced crash may occur on a router.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6) when you enter the clear ip auth-proxy cache * command after you have globally removed the ACL. The symptom occurs even if you re-add the ACL before you enter the command.
Workaround: There is no workaround.
•CSCed89412
Symptoms: An MLP-to-Frame Relay test may fail because some packets are accounted for as route-cache switched instead of process switched and vice versa. However, the packets are switched correctly.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•CSCed89815
Symptoms: A bus error may occur on a Cisco router when you enter the trace command such as, for example, the trace www.a.net command. When you enter the show version EXEC command, the following error messages may be displayed:
System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYY
0xXXXXXXXX represents the program counter at which the router reloads; 0xYYYYYYYY represents the address at which the router reloads.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)BC1 but may also occur in Release 12.3 or 12.3 T.
Workaround: There is no workaround.
For more information on bus errors, refer to the following URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800cdd51.shtml
•CSCed93986
Symptoms: A router reloads when a reply for a courtesy DeReg is processed.
Condition: This symptom is observed on a router that is configured for mobile IP when a DeReg is sent when MR solicitations fail. The symptom does not occur in other cases when a DeReg is sent.
Workaround: There is no workaround.
•CSCed94598
Symptoms: A Route Processor Module (RPM) overshapes the traffic by 0.3 to 0.5 percent above the SCR.
Conditions: This symptom is observed on an RPM that runs Cisco IOS Release 12.2(15)T4 and that sends traffic that terminates on an ATM User Service Module (AUSM). The symptom may also occur in Release 12.3.
Workaround: Reduce the SCR value on the RPM by 0.5 percent to compensate for the shaping error.
•CSCed94865
Symptoms: A router reloads when receiving IPX packets.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) and that is configured for IPX networking. The router may reload after named ACLs have been displayed.
Workaround: There is no workaround.
•CSCed95499
Symptoms: A Cisco router may crash if a PA driver attempts to convert an uncached iomem address to a cached iomem address.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1.
Workaround: There is no workaround.
•CSCee01521
Symptoms: A router may reload after sending some traffic during the PPPoE client authentication setup.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) when the clear pppoe all command is entered on the PPPoE client after both corresponding ATM and dialer interfaces have been shut down first.
Workaround: Do not enter the clear pppoe all command on the PPPoE client when the ATM and dialer interfaces are shut down.
•CSCee01688
Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.
Workaround: There is no workaround.
•CSCee01844
Symptoms: A Cisco 3660 may crash and report a software forced crash/watchdog timeout at the VTSP process.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(6) or 12.3(9).
Workaround: There is no workaround.
•CSCee02643
Symptoms: When a DSPFARM is configured on a Cisco VG200, every other conference call has only one-way audio.
When you enter the show sccp conn command on the DSPFARM, the output shows three users in the conference, the sessions are in the "sendrecv" state, and the IP addresses of the sessions are shown.
The output of the show dspfarm session command shows the same three users, but one DSP session is in the "recvonly" state and has an IP address of 0.0.0.0.
When the conference call works properly, the output of both commands shows "sendrecv" as the state and the proper IP addresses of the sessions.
Conditions: This symptom is observed on a Cisco VG200 that runs Cisco IOS Release 12.3(6) and that is connected to a Cisco CallManager that runs software version 3.3.3 sr4a.
Workaround: There is no workaround.
•CSCee03464
Symptoms: The SSRC parameter for an RTP packet with a dynamic payload type may be set to zero.
Conditions: This symptom is observed on an IP-IP gateway when the incoming call leg is bridged to the outgoing call leg.
Workaround: There is no workaround.
•CSCee05729
Symptoms: dCEF may be disabled on some VIPs that are installed in a Cisco 7500 series.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for Network-Based Application Recognition (NBAR).
Workaround: Disable NBAR.
•CSCee06881
Symptoms: An EZVPN client crashes when the user presses the Return key at the user name prompt.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3 T.
Workaround: There is no workaround.
•CSCee08098
Symptoms: When you dial up with SLIP in dedicated mode, the IP address may not be dynamically assigned, and a client may be unable to connect.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
•CSCee11436
Symptoms: A DSP module may enter a bad state after configuring a DS0 group over E1 or T1 with an FXS Loop Start signal. If a voice call goes into the DSP that is in this state, the call fails.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 or 12.3 T.
Workaround: There is no workaround.
•CSCee11770
Symptoms: All SWIDBs may be used.
Conditions: This symptom is observed when PPPoA sessions flap continuously.
Workaround: There is no workaround.
•CSCee12172
Symptoms: Although traffic passes through the BRI port, the B1 and B2 LEDs do not light.
Conditions: This symptom is observed on a Cisco 3640 that runs Cisco IOS Release 12.3(1a) and that has a WIC-1B-S/T installed in an NM-2FE-2W in slot 0 after the router has been powered off and on. The symptom may also occur on a Cisco 3620 in the same configuration.
Workaround: Enter the clear interface BRI0/0 command to enable the LEDs to function properly.
•CSCee13365
Symptoms: A Cisco AS5400 hangs intermittently.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.2(2)XB8, 12.2(11)T10, or 12.3 when CEF is enabled.
Workaround: There is no workaround. To restore the platform to proper operation, power-cycle the platform.
•CSCee15593
Symptoms: A VAM2 fails to come up on a Cisco 7200 and the following message is displayed:
VPN_HW-1-INITFAIL:MIPS not ready to send response mbox_pass.
Conditions: This symptom is seen only with the c7200-jk9s-mz image.
Workaround: Use any other image, such as c7200-jk9o3s-mz, c7200-ik9s-mz, or any other combinations.
Further Problem Description: This symptom is specific to the c7200-jk9s-mz image because of static memory initialization, which forces the microcode to span across the available PCI window. The symptom has not been observed with other images.
•CSCee16544
Symptoms: When you use VXML scripts to play WAV files with TTS as an alternative prompt, the WAV files may play at a faster speed than they should.
Conditions: This symptom is observed when you play g711aLaw WAV files with TTS as an alternate prompt.
Workaround: Convert the WAV files to the g711uLaw format.
Alternate Workaround: Play the WAV files as prompts without TTS as an alternative prompt.
•CSCee17275
Symptoms: A Cisco router that has IP and RTP header compression enabled on a PPP multilink rejects IPCP about two out of three times when booting.
Conditions: This symptom is observed when the router is connected to a Cisco 7200 series via Frame Relay. The Cisco 7200 series is configured for Frame Relay to ATM service interworking (in transparent mode). When the router is connected to a Cisco IGX platform, the symptom does not occur.
Workaround: Enter the shutdown command followed by the no shutdown command on the interface to enable IPCP to come up.
Alternate Workaround: Remove IP and RTP header compression to enable IPCP to come up.
•CSCee18080
Symptoms: A Cisco 3725 router reloads when you enter the no channel-group command on a T1 controller that is present in the motherboard WIC slot for a channel group that is created via an AIM-ATM.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS interim Release 12(3.7)T when the "channel-group" parameters are changed for an existing channel group and when you subsequently enter the no channel-group command.
Workaround: Remove the channel group before you change any "channel-group" parameters for the existing group and create a new channel group with the new set of parameters.
•CSCee18125
Symptoms: A Cisco 831 may crash with a SegV exception when you apply an EZVPN configuration to more than three inside interfaces and try to establish an EZVPN session.
Conditions: This symptom is observed on a Cisco 831 that runs the c831-k9o3y6-mz image of Cisco IOS Release 12.3(2)XE. The symptom may also occur in Release 12.3 or 12.3 T.
Workaround: Do not apply the EZVPN configuration to more than three inside interfaces.
•CSCee18883
Symptoms: All VIPs in a Cisco 7500 series restart as a consequence of a Cbus complex that is triggered by a stuck output. Just before the output becomes stuck, IPC timeout errors occur.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) in a dLFIoATM environment.
Workaround: There is no workaround.
•CSCee20366
Symptoms: IMA link status sticks in NE usable/usable while showing FE active/active.
Conditions: This symptom is observed when an IMA module in a Cisco 3640 is connected to a third-party switch.
Workaround: Administratively shut down the link and then bring it back.
•CSCee20405
Symptoms: If MGCP messages that are sent from a gateway are not acknowledged by the call agent, memory corruption may occur on the gateway. This situation may cause the gateway to crash or to behave unexpectedly.
Conditions: This symptom is observed when the following conditions are met:
–The target call agent has an address in which the first octet is larger than 128. For example, a call agent IP address of 129.x.x.x (129 > 128) may cause the symptom to occur, but 7.x.x.x (in which x is any number between 0 and 255) does not. The IP address is set by a CLI configuration that is similar to the mgcp call-agent ipaddr service-type mgcp version 0.1 command or is set by a notify entity "N:" line in a call agent message.
–The call agent is disabled or unresponsive to messages like RSIP or NTFY that originate on the gateway.
–The MGCP suspicion and disconnect thresholds are set low enough to cause MGCP to cycle through many addresses before giving up. These values are set in an MGCP profile by entering the max1 retries number and max2 retries number commands.
Workaround: Increase the values of the number arguments in the max1 retries number and max2 retries number commands in the MGCP profile. The default values should be sufficient to prevent the symptom from occurring.
•CSCee21380
Symptoms: QSIG call redirection does not function.
Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(23).
•CSCee22521
Symptoms: Without a GKTMP server, calls are not routed based on the destination carrier ID in ARQ.
Conditions: This symptom is observed on a Cisco gatekeeper.
Workaround: Use a GKTMP server.
•CSCee23781
Symptoms: A Cisco AS5850 does not fragment data packets.
Conditions: This symptom is observed when data packets enter the Cisco AS5850 through async (modem) interfaces and when the MTU on the egress Gigabit Ethernet interface is smaller than the ingress MTU or when L2F encapsulation overhead requires fragmentation. Async PPP sessions forwarded via L2TP are not affected by this problem.
Workaround: Increase the Gigabit Ethernet MTU to avoid fragmentation.
•CSCee25228
Symptom: The MBS value may be incorrect when you configure VBR-nrt for a PVC on an ATM interface.
Conditions: This symptom is observed when you first configure VBR-nrt with identical values for PCR and SCR, as in the following example:
pvc 2/5
vbr-nrt 3000 3000
When the PCR value is identical to the SCR value, MBS should not be configured. When you then apply a different PCR and SCR value (although still identical values for the PCR and SCR), the MBS is calculated as shown below:
pvc 2/5
vbr-nrt 2000 2000 94
This MBS value is not accepted as a valid value when you reload the router because the MBS should be 1 or nothing when the PCR value is identical to the SCR value.
Workaround: Remove the PVC and reapply the configuration.
•CSCee26700
Symptoms: A router may experience a memory leak when the LSR MIB is queried.
Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.2(15)T10 but is software-independent.
Workaround: Disable the LSR MIB queries and reboot the device to reclaim the leaked memory.
•CSCee27255
Symptoms: An error message similar to the following can be seen on a Label Switch Controller (LSC):
%SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 20. -Process= "VSI Master", ipl= 0, pid= 116 -Traceback=
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x603851D8 reading 0x3A
%ALIGN-3-TRACE: -Traceback=
%ALIGN-3-TRACE: -Traceback=
Conditions: This symptom is observed on an LSC that processes cross-connection requests.
Workaround: There is no workaround.
•CSCee27327
Symptoms: Spurious memory accesses may occur on a Cisco media gateway, and MGCP request messages that have the Q: parameter (quarantine) may be handled improperly.
Conditions: This symptom is observed on Cisco media gateway that is configured for MGCP call control.
Workaround: There is no workaround.
•CSCee28518
Symptoms: The no policy-map command generates multiple error messages.
Conditions: This has been observed when a service-policy is attached to a virtual-template that is used by a PPPoA interface.
Workaround: Remove the service-policy from the virtual-template before issuing the no policy-map command.
•CSCee29525
Symptoms: A Cisco AS5300 may leak memory in the ISDN process.
Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
•CSCee29919
Symptoms: A VoIP gateway may send an incorrect cause code.
Conditions: This symptom is observed under rare circumstances when the VoIP gateway that is connected to the PSTN and that uses R2 signaling seizes the channel and sends a seizure to the PSTN. The PSTN does not respond, and after 5 seconds, the gateway clears the call via a normal disconnect message. This situation causes the CCM to drop the call right away. The gateway should not send a normal disconnect message.
Workaround: There is no workaround.
•CSCee30355
Symptoms: A Cisco router may experience a memory leak. The "Holding" column in the output of the show process memory command shows that the "VTEMPLATE Backgr" process allocates memory without freeing it. This column will continue to grow until all the memory is consumed.
Conditions: This symptom is observed on a Cisco router that is configured for RIP version 2.
Workaround: Schedule the router for a periodic reload before it completely exhausts all available memory.
•CSCee30390
Symptoms: An "error.semantic" error may occur in an external or internal ECMA script.
Conditions: This symptom is observed when there is an "\n" character in a string in the script.
Workaround: Replace the "\n" character with an "\x0a" character.
•CSCee32606
Symptoms: A router may crash when it regenerates SSH RSA keys.
Conditions: This symptom is observed on a Cisco router that is configured for SSH when low memory conditions occur.
Workaround: There is no workaround.
•CSCee32778
Symptoms: A Cisco router may reject an inbound SSH/Telnet connection.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6a) when the ip audit command is enabled on an interface of the router.
Workaround: In addition to the ip audit command, also enter the ip inspect inspection-name in command for TCP/UDP on the interface.
•CSCee33060
Symptoms: TBCT may not work properly.
Conditions: This has been observed on a Cisco AS5850.
Workaround: There is no workaround.
•CSCee33485
Symptoms: A URM that is configured as an LSC does not pass traffic. Xtags come up but traffic does not pass.
Conditions: This symptom is observed on a URM that runs Cisco IOS Release 12.3(6). The symptom does not occur on other software trains.
Workaround: There is no workaround.
•CSCee34076
Symptoms: Routes that are removed soon after an SSO switchover occurs may remain in the CEF table.
Conditions: This symptom is observed when VRFs are configured.
Workaround: There is no workaround.
•CSCee34508
Symptoms: A low-bandwidth interface stops transmitting packets and may flap.
Conditions: This symptom is observed on a Cisco 7200 series with an NSE-1 processor and on a Cisco 7401 series that has PXF enabled. The symptom occurs when a policy map that contains LLQ is attached to the outbound interface and when there is a high amount of egress LLQ traffic. Note that if keepalives are disabled, the interface does not flap but still does not pass traffic.
Workaround: Disable PXF by entering the no ip pxf command.
•CSCee34877
Symptoms: A Cisco AS5400 may crash with a bus error at address 0xFFFFFFFF.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(6) only when facility messages are generated. The symptom may also occur on a Cisco 1700 series and Cisco 2600 series.
Workaround: There is no workaround.
•CSCee37398
Symptoms: On a Cisco 3700 series with an AIM-IMA configuration, the T1 controller operating in IMA mode may remain in a down state and may generate a "Receiver has remote alarm" message.
Conditions: This symptom is observed on a consistent basis when the circuit is taken down for testing.
Workaround: Apply a hardware loop on the T1 interface and then remove it. Then, reconnect the circuit. Doing so enables the T1 to remain up.
•CSCee38105
Symptoms: A router that has a service policy applied to a large number of PPP sessions via a virtual template may crash due to a watchdog timeout.
Conditions: This symptom is observed when the service policy is removed from the configuration.
Workaround: There is no workaround.
•CSCee40516
Symptoms: A router may reload unexpectedly when a VTSP stacklow condition occurs.
Conditions: This symptom is observed on a Cisco router that is configured for Voice over IP (VoIP).
Workaround: There is no workaround.
•CSCee41492
Symptoms: When a crypto map is applied to certain subinterface configurations, the IPSec SA path MTU is not always calculated correctly. This does not happen to every subinterface configuration and does not happen all the time. The root cause is related to the event handling when subinterface IP MTU is changed during the router initialization.
Conditions: This symptom occurs when a crypto map is applied to certain subinterface configurations.
Workaround: There is no workaround.
•CSCee43701
Symptoms: Spurious memory accesses may occur on a VIP, causing the CPU utilization to increase to 99 or 100 percent and the performance of the VIP to be impacted.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•CSCee43714
Symptoms: A router displays the following error message:
%VPN_HW-1-PACKET_ERROR: slot: 1 Packet Encryption/Decryption error, Output Authentication error(0x20000000)
There is insufficient information in this message to properly troubleshoot the situation. The error message should state the source and destination IP addresses and possibly a packet dump.
Conditions: This symptom is observed on a router that functions in a VPN environment with a hardware crypto accelerator.
Workaround: There is no workaround.
•CSCee43883
Symptoms: A Cisco VG200 displays the following error message during the boot process and fails to boot:
Unexpected exception to CPUvector 1100, PC=0
Conditions: This symptom is observed on a Cisco VG200 that runs the vg200-i6s-mz image of Cisco IOS interim Release 12.3(8.3) or interim Release 12.3(8.4), both of which are interim releases for Release 12.3(9).
Workaround: There is no workaround. Note that the symptom does not occur in interim Release 12.3(7.10) or earlier releases.
•CSCee44279
Symptoms: A Cisco router reboots more than once when it runs Cisco IOS Release 12.2(16b).
Conditions: This symptom is observed when you enter the shutdown command followed by the no shutdown command on the ATM interfaces several times while traffic is flowing and when QoS, a service policy, and hardware encryption are configured on ATM IMA interfaces.
Workaround: Remove the service policy before you enter the shutdown command followed by the no shutdown command. Alternatively, stop the traffic before you enter the shutdown command followed by the no shutdown command.
•CSCee45089
Symptoms: Serial cards that are plugged into an NM-2W network module may produce an incorrect CNS inventory XML. This situation prevents the configuration server from delivering a complete configuration.
Conditions: This symptom is observed when any of the following commands are enabled:
–cns config initial ip-address inventory command.
–cns config partial ip-address inventory command.
–cns config retrieve ip-address inventory command.
–cns inventory command.
Workaround: There is no workaround.
•CSCee45160
Symptoms: Async dialin fails for a Windows dialup client requesting MS callback.
Conditions: This symptom is observed on a Cisco 3700 series that runs a Cisco IOS image with an IPBASE feature set and that has the ppp callback accept or ppp callback permit command enabled on the Group-Async interface.
Workaround: Either disable MS Callback by disabling the ppp callback accept or ppp callback permit command on the Group-Async interface or use a Cisco IOS image with an IP instead of an IPBASE feature set.
•CSCee45312
Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.
Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.
Only the systems that are running certain versions of Cisco IOS are affected.
Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
Refer to the Security Advisory at the following URL for more details:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
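As an added illustration that is not part of the caveat text, the two method-list shapes the caveat distinguishes are shown side by side; the user name and secret are placeholders.

```cisco
! Added example, not from the caveat or the advisory. Shows the affected and
! the not-affected login method-list shapes described above. "admin" and the
! secret are placeholders.
aaa new-model
!
! Affected shape: RADIUS with a fallback method of "none". The "none" method
! performs no authentication, so whenever the RADIUS method is not applied,
! login succeeds with no credentials checked.
aaa authentication login default group radius none
!
! Not-affected shape named in the caveat: RADIUS with a fallback that still
! requires credentials, here a locally defined user. Replace the line above
! with this one.
aaa authentication login default group radius local
username admin secret REPLACE-WITH-STRONG-SECRET
!
! To audit an existing device, list its method lists and look for any that
! end in "none":
!   show running-config | include aaa authentication
```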
•CSCee47151
Symptoms: When you enter the shutdown command followed by the no shutdown command on an ATM interface, the source address on the ACL between the routers may change unexpectedly, causing IPSec to fail. The following is an example of an unexpected change in the source address on the ACL:
ip access-list extended acl1
permit ip any host a.b.c.d
permit ip any w.x.y.z 0.0.0.63 <--- this statement is changed to
ip access-list extended acl1
permit ip any host a.b.c.d
permit ip host 0.0.0.0 w.x.y.z 0.0.0.63 <--- this statement
Conditions: This symptom is observed on a Cisco 7206VXR that runs the c7200-ik2s-mz image of Cisco IOS Release 12.1(19)E3 but may also occur in other releases such as Release 12.3 and Release 12.3 T.
Workaround: Manually change the ACL statement back to original configuration.
•CSCee47441
Symptoms: When the Cisco IOS Firewall CBAC is configured, the router seems to have a software-forced reload caused by one of the inspections processed.
Conditions: This symptom is observed when the router is part of a DMVPN hub-spoke with a Cisco VoIP phone solution deployed on it and the router is connected to the central office over the Internet. The Cisco VoIP phone runs the SKINNY protocol.
Workaround: There is no workaround.
•CSCee48328
Symptoms: For a call setup from VoFR to ISDN between two PBXs, the OGW does not pass the calling number to the TGW.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(6a) for every call in the following topology:
Phone 1 connects to PBX 1, which connects via ISDN to the OGW (Cisco 3660). The OGW connects via VoFR to the TGW (Cisco 1751). The TGW connects via ISDN to PBX 2, which connects to phone 2.
Note that the symptom is not platform-specific.
Workaround: There is no workaround.
•CSCee48845
Symptoms: You cannot configure QoS parameters for a Gigabit Ethernet range.
Conditions: This symptom is observed when you configure shaping parameters on a Cisco 7301.
Workaround: There is no workaround.
•CSCee49301
Symptoms: There are many "lost received" and lost fragments on multilink interfaces when a Multilink PPP (MLP) link is at 34 to 45 percent.
Conditions: This symptom is observed on a Cisco 7500 series that has RSP-based MLP enabled and FIFO queuing configured on multilink interfaces.
Workaround: Perform the following steps:
1. Enable fair-queuing on multilink interfaces.
2. Enter the transmit buffers backing-store command on the member links.
3. For T1 interfaces, change the tx-queue-limit to 19.
4. Enter the multilink queuing bypass-fifo hidden command.
•CSCee49556
Symptoms: When a T.38 fax failure occurs, for example because a call is disconnected, a Cisco AS5400 may incorrectly generate the following message in its log:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel specific information>
T38 Codec Switch Failed or Timed out
Conditions: This symptom is observed when there is no real failure in the codec download. The symptom may occur when a disconnect from the telephony side occurs while the Cisco AS5400 is in the middle of a codec download.
Workaround: There is no workaround.
•CSCee49862
Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•CSCee49875
Symptoms: Spurious memory accesses may occur on a Cisco 1700 series after you disable IPSec tunnel protection.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•CSCee50054
Symptoms: A Cisco AS5300 running Cisco IOS Release 12.3(6) may encounter a bus error.
Conditions: This symptom is observed when a Cisco AS5300 is running voice traffic under a heavy load.
Workaround: There is no workaround.
•CSCee50159
Symptoms: A router that functions as a VRF On Demand Address Pool (ODAP) manager may reload.
Conditions: This symptom is observed when the router that functions as a VRF ODAP manager attempts to renew a subnet lease that was removed from the ODAP pool via the clear ip dhcp subnet * command or the no origin dhcp command. The symptom occurs only when the subnets in the ODAP pool are cleared.
Workaround: Do not clear the ODAP pool subnets.
First Alternate Workaround: Configure the VPNID in the global VRF configuration.
Second Alternate Workaround: Do not use a VRF in the ODAP configuration.
•CSCee51662
Symptoms: A VIP4-80 that is installed in a Cisco 7513 may reload unexpectedly when the ip rtp header-compression command is enabled on a PA-MC-STM-1SMI interface that is installed in the VIP4-80 and when corrupt frames are received.
Conditions: This symptom is observed on a Cisco 7513 that runs the rsp-jsv-mz image of Cisco IOS Release 12.3(6a).
Workaround: Disable the ip rtp header-compression command by entering the no ip rtp header-compression command.
•CSCee52937
Symptoms: Upon resetting or reloading a Cisco 3700 series, the IP phones that are connected to an NM-ESW-16 no longer receive power from the internal power supply.
Conditions: This symptom is observed when a Cisco 3725 is configured with an NM-ESW-16 and when three IP phones are directly connected to the NM-ESW-16. The symptom may also occur on another Cisco 3700 series router.
Workaround: For the interfaces that do not receive power, enter the shutdown command followed by the no shutdown command on the interface of the NM-ESW-16 or disconnect and reconnect the FE cables that run between the NM-ESW-16 and the IP phones.
•CSCee53709
Symptoms: A Cisco 3700 series with an NM-1A-OC3, NM-1A-T3, or NM-1A-E3 network module with many VCs of the same class may reload because of a bus error.
Conditions: This symptom is observed when you configure more than 255 VCs of the same QoS type on the ATM interface, when traffic is processed on all VCs, and when a line error occurs.
Workaround: There is no workaround.
•CSCee55596
Symptoms: A stack trace occurs when a Cisco 7200 series or Cisco 7301 boots up.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7301 that are configured with an NPE-G1.
Workaround: There is no workaround.
•CSCee55646
Symptoms: Incoming calls via analog FXO voice cards may be disconnected as soon as the called party goes off-hook.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(3), 12.3(6a) or a later release and that is configured with VIC-2FXO-M1 voice interface cards. The symptom occurs in both a battery-reversal configuration and a supervisory tone disconnect configuration. Note that the symptom does not occur in Release 12.2(15)T and earlier releases.
Workaround: There is no workaround.
•CSCee55700
Symptoms: A memory leak may occur in the gatekeeper process.
Conditions: This symptom is observed on a Cisco 7200 series that functions as a gatekeeper, that is configured for H.323, and that runs Cisco IOS Release 12.3(6a).
Workaround: There is no workaround.
•CSCee56210
Symptom: An outbound call may fail when an FXO port is stuck in the "FXOLS_PARK" state.
Condition: This symptom is observed on a Cisco 1760 that has a VIC-2FXO that is connected to PSTN lines. The voice port enters the "FXOLS_PARK" state because the DSP detects a DISCONNECT signal while being in the ON-HOOK state.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice port.
•CSCee56225
Symptoms: A Cisco router may experience alignment errors involving MPLS and BGP, and the output of the show alignment command may show the following information:
Total Spurious Accesses 1, Recorded 1
Address Count Traceback
C 1 0x612EE93C 0x60BD2894 0x60BD2F0C 0x60B8C2DC
Conditions: This symptom is observed on a Cisco router that is configured for MPLS and BGP.
Workaround: There is no workaround. However, note that the symptoms are of a transient nature and do not affect the functionality of the router.
•CSCee58083
Symptoms: A Cisco router that runs a Cisco IOS interim release for Cisco IOS Release 12.0(29)S or interim Release 12.3(9.3) or 12.3(9.2)T may log the following error message and traceback, and IPC services that use large RPC messages or replies may fail:
%IPC-SP-5-INVALID: Invalid dest port=0x2220000
-Traceback= 402F3784 403027CC 403025AC 4030A10C 4030A4F8 4030A7B8 402F7E78 402F8244 40309478 402F8890 4033A0E8 40344284
Conditions: This symptom is observed without any external trigger occurring.
Workaround: There is no workaround.
•CSCee59256
Symptoms: You cannot execute the write memory or the dir filesystem command.
Conditions: This symptom is observed on a Cisco MGX 8850 that runs Cisco IOS Release 12.2(15)T4c and is populated with an MGX-RPM-PR-512 when the remote filesystem on the PXM45/B controller card is accessed. The symptom may also occur in Release 12.3.
Workaround: Switch over the PXM45/B controller card to the standby controller card.
•CSCee59585
Symptoms: On a Cisco router, the output of the execute-on slot number show ip cef prefix command may display the same imposed label twice for a recursive public route.
Conditions: This symptom is observed on a Cisco platform that supports distributed forwarding such as a Cisco 7500 series or a Cisco 12000 series when the neighbor name send-label command is configured under an IPv4 BGP address family on a VIP or line card and when one of the following actions occurs:
–You enter the clear cef linecard command.
–You perform an OIR of the VIP or line card.
–You enter the no ip cef distributed command followed by the ip cef distributed command.
The symptom disappears after the affected prefix flaps.
Workaround: There is no non-impacting workaround, but you can enter the clear ip route prefix command or reset the BGP peer to solve the problem.
•CSCee59815
Symptoms: MGCP quarantine mode is updated with each incoming MGCP message, even when the message does not contain a Q-line. This behavior may cause regressions.
Note that the legacy behavior is to ignore any updates to the MGCP quarantine mode when no Q-line is present in the MGCP message.
Conditions: This symptom is observed when a Cisco gateway that runs Cisco IOS Release 12.3 or Release 12.3 T is configured for MGCP.
Workaround: There is no workaround.
•CSCee60224
Symptoms: A Cisco AS5350 or Cisco AS5400 may crash when making HDLC calls.
Conditions: This symptom is observed when all of the following conditions occur:
–An HDLC call is made using a Nextport card.
–The interface throttles during the call.
–The call is terminated while the interface throttles.
–The subsequent call for the serial interface is terminated on a Trunk card resource.
–Process switching is enabled.
Workaround: There is no workaround.
•CSCee60701
Symptoms: A Cisco router may reload with a SegV exception when you enter the no traffic-shape rate command on an Ethernet interface.
Conditions: This symptom is observed on a Cisco 1721 that runs Cisco IOS Release 12.3(5a) when the Ethernet interface is not configured for traffic shaping. The symptom is platform-independent.
Workaround: There is no workaround.
•CSCee61646
Symptoms: A multicast packet is not correctly encrypted through IPSec and GRE.
Conditions: This symptom is observed when PIM announcement packets are distributed through tunnels and when the crypto map that specifies the protection for the GRE traffic is applied only to the physical interface. Applying the crypto map only to the physical interface is a valid way to protect the GRE traffic, but crypto policy checking is not performed on the PIM announcement packets, so they are not protected as the policy intends.
Workaround: Apply the crypto map to both the tunnel interface and the physical interface.
•CSCee62082
Symptoms: After a gateway signals that its high resource threshold has been reached, a call from a gateway that is registered with another gatekeeper is rejected with Disconnect Cause 34 (no circuit/channel available) even though channels are available.
Conditions: This symptom is observed with a gatekeeper that is running Cisco IOS Release 12.3 T or Release 12.3, and with any gateway (can be from Cisco or a third party) that supports RAI functionality.
Resource Availability Indicator (RAI) and the gatekeeper clustering function are used. The originating gateway and terminating gateway are registered with different gatekeepers.
Workaround: Register all gateways with a single gatekeeper.
•CSCee63182
Symptoms: A Cisco 7200 series or another mid-range router may crash or may stop responding.
Conditions: This symptom is observed on a Cisco 7200 series or other mid-range router that runs Cisco IOS Release 12.3(6a). The crash occurs when an interface that is configured with a rate-limit command is deleted by entering the no interface command and then reenabled by entering the interface command.
Workaround: Remove the rate-limit configuration from the interface before deleting the interface.
•CSCee64286
Symptoms: An SA-VAM may become stuck after the following error message is generated:
rx_intr:*error* PA still owns free pool buffer {0xA,0xy,0xz,0xw}.
Conditions: This symptom is observed on a Cisco 7200 series when the SA-VAM gets out of synchronization with the Cisco IOS software image.
Workaround: Reload the crypto engine by entering the no crypto engine accel command followed by the crypto engine accel command. If the Cisco 7200 series runs Cisco IOS Release 12.1 E, reset the SA-VAM by entering the crypto card shut command followed by the crypto card enable command.
•CSCee65271
Symptoms: The crypto engine accelerator command is missing from a Cisco 1700 series for all crypto images.
Conditions: This symptom is observed on a Cisco 1700 series that is configured with a VPN accelerator card and that runs Cisco IOS interim Release 12.3(9.3) or a later interim release up to and including Release 12.2(9.8), or interim Release 12.3(9.3)T. Note that the symptom does not occur on a Cisco 831, Cisco 3640, Cisco 3745, and Cisco 7200 series.
Workaround: There is no workaround.
•CSCee65378
Symptoms: An error and tracebacks may occur during initialization, and the following error message may be generated:
SYS-2-INTSCHED: 'sleep for' at level 3 -Process= "Init", ipl= 3, pid= 3
Conditions: This symptom is observed on a Cisco 3725 and Cisco 3745 that use an AIM-VPNII for hardware acceleration.
Workaround: There is no workaround.
•CSCee65533
Symptoms: When you change the Cisco IOS release from Release 12.2 to Release 12.3(6a), a router may reload because of a bus error.
Conditions: This symptom is observed when a MQC-based policy and legacy fair queueing are configured on different Frame Relay subinterfaces of the same physical interface.
Workaround: There is no workaround.
•CSCee66206
Symptoms: When you boot a Cisco 7200 series that is configured with an NPE-300 or NPE-400 and that runs a c7200-js-mz image, the router may crash with a traceback.
Conditions: This symptom is observed when the c7200-kboot-mz image is the bootloader and when the router runs Cisco IOS interim Release 12.1(22.3)E1. The symptom may also occur in other releases such as 12.0 S, 12.2 S, and 12.3.
Workaround: There is no workaround.
•CSCee66214
Symptoms: A VIP may crash with a bus error after you have configured a multilink interface.
Conditions: This symptom is observed after you have configured a multilink interface with serial interfaces on a PA-MC-8TE1+ and PA-MC-8E1/120 port adapter.
Workaround: Use the same type of port adapter for each multilink interface.
•CSCee66778
Symptoms: Policy-based routing does not work when CEF is enabled. When CEF is disabled, policy-based routing works fine.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(3) when the next-hop is both an adjacency route and an IGP route that has a different outbound interface.
Workaround: There is no workaround.
•CSCee66832
Symptoms: The output of the show ip access-list command does not show extended access lists.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.3)T. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee67207
Symptoms: A public recursive route is not labeled.
Conditions: This symptom is observed on a Cisco router that functions as a BGP peer and that has the neighbor name send-label command enabled as part of an IPv4 address family, which is required for Inter-AS configurations. The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: There is no workaround. Note that the symptom does not occur if the neighbor name send-label command is enabled as part of an IPv4 address family VRF.
•CSCee67278
Symptoms: A VIP may crash with a bus error and generate the following error message:
%ALIGN-1-FATAL: Illegal access to a low address
This occurs after the following scheduler error in the "req_proc" process:
%SYS-2-INTSCHED: 'sleep for' at level 2 -Process= "req_proc", ipl= 2, pid= 27
Condition: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS image that contains the fix for CSCec07487 when a PA-MC-8TE1+ is installed in the VIP.
Workaround: There is no workaround.
•CSCee67685
Symptoms: A Cisco AS5850 may reload with a software forced crash.
Conditions: This symptom is observed on a Cisco AS5850 that runs the c5850tb-p9-m image of Cisco IOS Release 12.3(2)T6. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee67749
Symptoms: A Cisco router that is configured with a number of IPv6 addresses may not be able to remove the addresses that are configured.
Conditions: This symptom is observed when you try to remove an IPv6 address that is not lexicographically first within its subnet.
For example, suppose the following IPv6 configuration is present on an interface:
ipv6 address 2001:db8:1111::1/64
ipv6 address 2001:db8:1111::2/64
ipv6 address 2001:db8:2222::1/64
ipv6 address 2001:db8:2222::2/64
ipv6 address 2001:db8:2222::3/64
ipv6 address 2001:db8:3333::1/64
ipv6 address 2001:db8:3333::2/64
You enter the following commands:
no ipv6 address 2001:db8:1111::2/64
no ipv6 address 2001:db8:2222::2/64
no ipv6 address 2001:db8:3333::2/64
In this situation, no address is removed.
Workaround: Within the subnet, remove the IPv6 addresses that appear lexicographically before the address you wish to remove. In the example presented above, to remove just 2001:db8:2222::2/64, you must enter the following commands:
no ipv6 address 2001:db8:2222::1/64
no ipv6 address 2001:db8:2222::2/64
ipv6 address 2001:db8:2222::1/64
•CSCee67828
Symptoms: A remote shell command does not work when you attempt to enter the command on a router, and access may be denied from a local host.
Conditions: This symptom is observed when the ip rcmd remote host command is configured to use an ACL instead of a remote hostname or an IP address.
Workaround: Use the remote hostname or IP address in the ip rcmd remote host command.
•CSCee68766
Symptoms: HSRP on a subinterface or port channel may fail to open a UDP socket, preventing the HSRP group from receiving HSRP Hello messages from its peer, and possibly resulting in two active routers.
Conditions: This symptom is observed when no prior major interfaces have an IP address configured.
Workaround: Configure an IP address on a major interface that precedes the HSRP interface in the startup configuration.
•CSCee69057
Symptoms: A Cisco 7200 VXR router may hang.
Conditions: This symptom is observed on a Cisco 7200 VXR router that has a PA-MC-8TE1 and that is configured for IPSec encryption, either via tunnel protection or via a crypto map.
Workaround: Disable IPSec encryption.
•CSCee69942
Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.
Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.
Workaround: There is no workaround.
•CSCee70018
Symptoms: A router sends three access requests for one call session; the first request is the normal request, the second request has the right password but the wrong user name, and the third request comes just with the domain name as the user name.
Conditions: This symptom is observed at a call rate above 20 calls per second and occurs randomly for a few call sessions only.
Workaround: There is no workaround.
•CSCee70864
This caveat consists of three symptoms, three conditions, and three workarounds:
Symptom 1: Memory utilization may increase on a Cisco IOS gatekeeper that functions as an originating gatekeeper (OGK). You must reboot the gatekeeper to enable it to return to normal operating conditions.
Condition 1: This symptom is observed when the following conditions are present:
–There are two or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.
–All these remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).
–The zone prefix is configured to send sequential LRQ messages.
Workaround 1: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
Symptom 2: Wrong CATs are sent to remote zones from a Cisco IOS gatekeeper that functions as an OGK.
Condition 2: This symptom is observed when the following conditions are present:
–There are three or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.
–Each of these remote zones is configured for inter-gatekeeper authentication with a different password to be used for the creation of the CAT.
–The zone prefix is configured to send sequential LRQ messages.
Workaround 2: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
Symptom 3: A spurious memory access may occur on a Cisco IOS gatekeeper that functions as a directory gatekeeper (DGK).
Condition 3: This symptom is observed when the following conditions are present:
–There are two or more remote zones configured for the same prefix and the gatekeeper receives LRQ messages for this prefix.
–The second and subsequent remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).
–The zone prefix is configured to send sequential LRQ messages.
Workaround 3: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
•CSCee71113
Symptoms: A router running IPSec prefragmentation may reload due to a bus error.
Conditions: This symptom is observed only with prefragmentation and occurs under special circumstances.
Workaround: Disable prefragmentation by entering the crypto ipsec fragmentation after-encryption global configuration command.
•CSCee71760
Symptoms: A Cisco access server does not report digital/ISDN data calls in the output of the show controllers e1 call-counters command. Analog calls are correctly counted.
The SNMP representation of active DS0s within the CISCO-POP-MGMT-MIB is also affected by this problem: the cpmActiveDS0s OID no longer shows the total number of calls, but reports only the number of analog/modem calls.
Conditions: This symptom is observed on a Cisco access server that runs Cisco IOS interim Release 12.3(7.9) or a later release.
Workaround: To retrieve the number of digital data calls using a CLI command, enter the show caller summary EXEC command. There is no workaround for SNMP retrieval.
•CSCee72863
Symptoms: When you enter the no shutdown command on an interface that provides connectivity to a server, the router on which the interface is configured may reload.
Conditions: This symptom is observed when the router runs the "connect interface" process of the CNS Configuration Agent during an initial configuration.
Workaround: Do not manually configure interfaces while the CNS Configuration Agent runs during an initial configuration.
•CSCee73221
Symptoms: RIP does not advertise a redistributed static route via an interface.
Conditions: This symptom is observed even when the split horizon mechanism is turned off on the interface.
Workaround: There is no workaround.
•CSCee73845
Symptoms: QoS does not classify IPSec packets in a GRE IPSec tunnel protection configuration, though the ToS byte is copied to the IPsec header.
Conditions: This symptom is observed only when QoS preclassification is not configured and when the ToS byte is used to classify traffic. The same QoS configuration works fine in a crypto map configuration or in a GRE tunnel configuration without IPSec.
Workaround: Configure QoS preclassification.
•CSCee74111
Symptoms: A Cisco voice gateway may reload with a bus error at an invalid address and generate the following error message:
System was restarted by bus error at by bus error at PC 0x60C7D834, address 0xD0D0D23
Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.2(23b) and that is configured for H.323. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•CSCee75776
Symptoms: A memory leak may occur on a Cisco AS5300.
Conditions: This symptom is observed when the Cisco AS5300 is configured for H.323.
Workaround: There is no workaround.
•CSCee76067
Symptoms: A memory leak may occur in the gatekeeper process.
Conditions: This symptom is observed on a Cisco 3700 series that functions as a gatekeeper and that is configured for H.323.
Workaround: There is no workaround. As a temporary workaround, reload the router to reclaim the memory.
•CSCee79688
Symptoms: When you boot a router, VBR-NRT configurations are lost. For example, when MBS is 32 and you boot the router, the VBR-NRT command in the startup configuration is not parsed to the running configuration:
vbr-nrt 1000 1000 32
^
% Invalid input detected at '^' marker.
The following example is a configuration before the symptom occurs:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
vbr-nrt 1000 1000 32
!
After you boot the router, the configuration is as follows:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
!
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(4.4) or a later release under the following conditions:
–An ATM PVC VBR-NRT is configured.
–The PCR is identical to the SCR.
–The MBS is larger than 1.
Note that symptom does not affect old style PVCs.
Workaround: Reconfigure the PVC to the same PCR and SCR value and configure the MBS value to "1".
•CSCee79812
Symptom: A Cisco 10000 series may crash when all PPPoA sessions time out.
Condition: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.3 or Release 12.3(7)XI when DBS is enabled.
Workaround: There is no workaround.
•CSCee82681
Symptoms: On an RTR probe, an RSP does not report input or output packets for serial interfaces of PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(23a) or Release 12.3 and is more likely to occur when the number of channelized port adapters (such as the PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters) that are installed in the router is high.
Workaround: Reload the router.
Alternate Workaround: Enter the reload microcode router configuration command.
•CSCee83802
Symptoms: When the CNS configuration agent configures a Cisco IOS device, the configuration-complete message may not be sent to the event bus.
Conditions: This symptom is observed when the CNS configuration agent configures a Cisco IOS device after the event gateway connection is disconnected and reconnected by entering the cns event command.
Workaround: Stop and restart the CNS configuration agent.
•CSCee83885
Symptoms: A router that is loaded with a VXML document may reload unexpectedly.
Conditions: This symptom is observed when subdialog tags are used.
Workaround: There is no workaround.
•CSCee84410
Symptoms: When you make a call via a Cisco AS5850, you may only hear one-way audio.
Conditions: This symptom is observed when the called party is behind a NAT gateway.
Workaround: There is no workaround.
•CSCee84496
Symptoms: An NPE-G1 may display an erroneous parity error message.
Conditions: This symptom is observed on a Cisco 7200 series when the NPE-G1 receives an ECC/bus error.
Workaround: There is no workaround.
•CSCee86206
Symptoms: A Cisco AS5400 cannot send or receive large-sized packets over a serial interface.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(5c).
Workaround: There is no workaround.
•CSCee86453
Symptoms: A memory leak may occur on a Cisco IOS voice gateway that is configured for H.323.
Conditions: This symptom is observed when the gateway sends a Setup with a fastStart element and receives a ReleaseComplete with the reason "newConnectionNeeded." This situation may occur frequently when the gateway is registered with a GnuGK gatekeeper that runs in gatekeeper-routed mode.
Workaround: Limit the number of calls per TCP connection to 1 by entering the following sequence of commands:
voice service voip
h323
session transport tcp calls-per-connection 1
•CSCee87680
Symptoms: A PXF exception may occur.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NSE-1 and on a Cisco 7401 when these platforms function as LNS L2TP tunnel endpoints under the following circumstances:
–PXF is enabled.
–NAT is configured on an L2TP virtual-template.
–A TCP stream goes through an L2TP session.
Workaround: Disable PXF by entering the no ip pxf command.
•CSCee87949
Symptom: A router that functions as a hub may crash when you bring up IPSec tunnels between one spoke and another spoke.
Conditions: This symptom is observed when you bring up 2000 IPSec tunnels between one spoke and another spoke when there are already 2000 existing IPSec tunnels between the hub and the spokes.
Workaround: There is no workaround.
•CSCee88334
Symptoms: Calls drop after 25 seconds.
Conditions: This symptom is observed on a Cisco AS5850 when the following commands are configured:
ip rtcp report interval 5001
gateway
timer receive-rtcp 5
Workaround: There is no workaround.
•CSCee88793
Symptoms: An HPR/RTP connection, identified by a TCID, may perform very slowly because of an excessively large delay change sum (DCS) value.
Conditions: This symptom is observed when a Cisco platform that functions as an HPR endpoint performs a path switch in times of instability. The DCS of the router may become corrupted because of the incorrect calculation of the last received rate request.
Workaround: Initiate a manual path switch at the mainframe end to reset the connection and clear the condition. Otherwise, reset the TCID, or wait until the natural decay of the DCS returns it to zero.
•CSCee88910
Symptoms: The RADIUS attribute 77 may use an incorrect value.
Conditions: This symptom is observed when the pvc-in-range command is enabled. The RADIUS attribute 77 should use a value in the range that is specified in the pvc-in-range command, but instead it uses a value below the range that is specified in the pvc-in-range command.
Workaround: There is no workaround.
•CSCee90946
Symptom: A Cisco AS5850 may reload because of a port management difficulty.
Conditions: This symptom is observed on a Cisco AS5850 that is configured with an enhanced route switch controller (eRSC) and that has SNMP enabled.
Possible Workaround: Disable SNMP.
•CSCee94294
Symptoms: %ALIGN-3-SPURIOUS and %ALIGN-3-TRACE messages may appear in the logs of a router, and the output of the show align command shows that some spurious memory accesses are recorded.
Conditions: This symptom is observed on a Cisco 7500 series when a dLFIoATM interface on the router flaps.
Workaround: There is no workaround. However, the capabilities and performance of the router are not affected.
•CSCee94761
Symptoms: A small memory leak may occur on a Cisco AS5xxx universal gateway that uses VXML ASR scripts.
Conditions: This symptom is observed when the VXML ASR grammar is already being defined while input is still being solicited after a no-input or no-match event.
Workaround: There is no workaround.
•CSCee94828
Symptoms: A SIGSM template does not work when the d[x] field is used to specify the maximum number of digits that need to be captured; the caller would have to enter x+1 digits in order for the call to go through correctly.
Conditions: This symptom is observed on a Cisco AS5850 when a signaling template is configured and when the maximum digit field is used.
Workaround: There is no workaround.
•CSCee95978
Symptoms: A Cisco 7200 series with an NPE-G1 may crash when you ping 50 5200-byte packets from one router that functions as a generator via the Cisco 7200 series with the NPE-G1 to another router that functions as a reflector. The three routers are connected back-to-back via static routes.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9a) but may also occur in other releases.
Workaround: There is no workaround.
•CSCee96231
Symptom: A Channel Interface Processor (CIP2) and an xCPA port adapter fail to load their microcode. The microcode bundle expands in such a way that the extracted files lose their prefix. For example, the file cip28-17_kernel_hw4 is extracted as _kernel_hw4.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee13801. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•CSCef02332
Symptoms: A Cisco 7200 series with high-speed serial interfaces such as HSSI interfaces or PA-2T3+ interfaces may reload unexpectedly.
Conditions: This symptom is observed after you have performed an OIR of the HSSI or PA-2T3+ port adapter while traffic was being processed.
Workaround: Stop the traffic while you perform the OIR or shut down the port adapter before you perform the OIR.
•CSCef02388
Symptoms: A VAM2+ may fail to complete initialization.
Conditions: This symptom is observed when you use a 2-Mb flash device and when you use an HSP version earlier than version 3.1.3.
Workaround: Use a validated 1-Mb flash device or use a VAM2.
•CSCef04467
Symptoms: The MGCP default setting for a minimum jitter buffer size is 4 ms; this setting degrades the voice quality until you configure the setting to be different via the mgcp playout command.
Conditions: This symptom is observed under normal operating conditions.
Workaround: Configure the nominal MGCP default setting for the minimum jitter buffer size to be the same as for H.323 and SIP gateways so that the setting for each individual gateway does not need to be changed via the mgcp playout command.
•CSCef13353
Symptoms: An output policy map may not function on ATM point-to-point subinterfaces.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases.
Workaround: There is no workaround.
•CSCef14548
Symptoms: A Cisco router accepts an incoming plaintext packet that matches the crypto map that is applied to an interface. The packet should be dropped, because traffic matching the crypto map should have arrived encrypted.
Conditions: This symptom is observed when all the following conditions occur:
–The interface is a serial subinterface.
–The interface has both fast switching and CEF switching disabled.
–The outgoing interface for the packet has fast switching or CEF switching enabled.
Workaround: Ensure that all interfaces have fast switching and CEF switching either enabled or disabled.
•CSCef15705
Symptoms: A router may crash when you enter the no ip inspect command.
Conditions: This symptom is observed on a Cisco router that does not have a firewall configured.
Workaround: Do not enter the no ip inspect command unless a firewall is configured on the router.
Note that the fix for this caveat enables you to enter the no ip inspect command even if no firewall is configured.
•CSCef17891
Symptoms: A Cisco 7500 series that is configured for Distributed Link Fragmentation and Interleaving (DLFI) may cause delays.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a multilink interface after the router is reloaded.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface.
•CSCef25881
Symptoms: A router that functions as a DHCP relay agent may drop DHCP packets that contain option 220. A client may not be able to receive an IP address. The following error message is displayed when the debug ip dhcp server packet command is enabled:
DHCPD: nonhierarchical subnet allocation is not supported in this image.
Conditions: These symptoms are observed when some DHCP clients and servers use option 220 for a different purpose. (Option 220 is not yet standardized.) A Cisco IOS DHCP server or relay agent uses option 220 as a subnet allocation option. Packets from DHCP clients and servers that carry a proprietary option 220 may therefore be dropped by a Cisco IOS DHCP server or relay agent.
Workaround: There is no workaround.
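The following Python script is an added example and is not part of the release notes or of Cisco IOS. It parses the options field of a DHCP packet and reports whether option 220 is present, which is the check you would run over captured DHCP traffic to find the clients whose packets a Cisco IOS relay agent would drop under this caveat. The two sample packets, including the 4-byte option 220 payload, are constructed for the example.

```python
import struct

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_MESSAGE_TYPE = 53
OPT_SUBNET_ALLOCATION = 220  # option a Cisco IOS DHCP server/relay treats as subnet allocation


def parse_dhcp_options(packet: bytes) -> dict:
    """Return {code: [value, ...]} for the options field of a DHCP packet.

    The fixed BOOTP header is 236 bytes and is followed by the 4-byte magic
    cookie; options are code/length/value triples, code 0 is a single pad byte
    and code 255 ends the list. Repeated codes are kept as a list so that
    split (concatenated) options are not silently overwritten.
    """
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.setdefault(code, []).append(value)
        i += 2 + length
    return options


def carries_option_220(packet: bytes) -> bool:
    """True when the packet carries option 220 and so may be dropped by an affected relay."""
    return OPT_SUBNET_ALLOCATION in parse_dhcp_options(packet)


def build_discover(extra_options: bytes = b"") -> bytes:
    """Constructed sample DHCPDISCOVER: BOOTP header, magic cookie, then options."""
    # op=1 (BOOTREQUEST), htype=1 (Ethernet), hlen=6, hops=0, xid, secs=0, flags=broadcast
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)
    header += b"\x00" * 16                                   # ciaddr, yiaddr, siaddr, giaddr
    header += bytes.fromhex("001122334455") + b"\x00" * 10    # chaddr (16 bytes)
    header += b"\x00" * 192                                  # sname (64) + file (128)
    assert len(header) == 236
    options = bytes([OPT_MESSAGE_TYPE, 1, 1])                # message type DHCPDISCOVER
    options += extra_options + bytes([OPT_END])
    return header + DHCP_MAGIC_COOKIE + options


# Constructed samples: one plain client, one sending a proprietary 4-byte option 220.
PLAIN_DISCOVER = build_discover()
DISCOVER_WITH_220 = build_discover(bytes([OPT_SUBNET_ALLOCATION, 4]) + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN_DISCOVER), ("with-220", DISCOVER_WITH_220)):
        print(name, "option 220 present:", carries_option_220(pkt))
```

To use it against real traffic, feed the UDP payload of each DHCP datagram (ports 67/68) from a capture to carries_option_220; any packet that returns True is one an affected relay would drop with the "nonhierarchical subnet allocation is not supported" message.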
•CSCef29091
Symptoms: A router may fail to advertise a prefix for which the network portion matches the major net. For example, when 10.0.0.0/8 is the major net, 10.0.0.0/16 is not advertised.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4) or a later release when the subnet between the two routers is in the same classful range as the advertised prefix of the advertising router.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
•CSCef34480
Symptoms: A router crashes when you enter the clear ip audit config command.
Conditions: This symptom is observed on a Cisco router that does not have IDS configured.
Workaround: Configure IDS on any interface of the router. The fix for this caveat enables you to enter the clear ip audit config command even when IDS is not configured.
•CSCef39466
Symptoms: A router may fail to advertise a major net route such as 10.0.0.0/8 to a RIP peer.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(3.3) or a later release when the route is redistributed from MP-IBGP into RIP and when the subnet connecting the RIP peer is in the classful range of the advertised major net.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
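CSCef29091 and CSCef39466 share one trigger: the subnet connecting the RIP peers lies in the same classful range as the prefix or major net being advertised. As an added example that is not part of the release notes, the following Python code computes the classful (class A, B or C) major net of an IPv4 address and checks that condition for a given advertised prefix and peer link, so a practitioner can tell from a configuration whether a RIP neighbor is exposed to these caveats. The prefixes used are made up.

```python
import ipaddress


def classful_major_net(address) -> ipaddress.IPv4Network:
    """Return the classful major network (class A /8, B /16, C /24) containing an IPv4 address."""
    addr = ipaddress.IPv4Address(address)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8          # class A: 0.0.0.0 - 127.255.255.255
    elif first_octet < 192:
        prefixlen = 16         # class B: 128.0.0.0 - 191.255.255.255
    elif first_octet < 224:
        prefixlen = 24         # class C: 192.0.0.0 - 223.255.255.255
    else:
        raise ValueError(f"{addr} is not in a unicast class A/B/C range")
    return ipaddress.IPv4Network((addr, prefixlen), strict=False)


def rip_caveat_exposed(advertised_prefix, peer_link_subnet) -> bool:
    """True when the RIP peer link shares its classful major net with the advertised prefix.

    This is the condition under which CSCef29091 (a subnet of the major net) and
    CSCef39466 (the major net itself, redistributed from MP-IBGP) may not be
    advertised to the peer.
    """
    prefix = ipaddress.IPv4Network(advertised_prefix)
    link = ipaddress.IPv4Network(peer_link_subnet)
    return classful_major_net(prefix.network_address) == classful_major_net(link.network_address)


if __name__ == "__main__":
    # Made-up examples: a /16 inside 10.0.0.0/8 advertised over a 10.x link is exposed,
    # the same /16 advertised over a 192.168.x link is not.
    print(rip_caveat_exposed("10.0.0.0/16", "10.1.1.0/30"))      # True
    print(rip_caveat_exposed("10.0.0.0/16", "192.168.1.0/30"))   # False
```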
•CSCef46230
Symptoms: A Cisco Access server that terminates virtual-profile calls with per-user access control lists (ACLs) does not remove all per-user ACLs when calls are terminated. This situation may cause the memory of the access server to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco access server that runs a Cisco IOS Release that contains the fix for CSCee01688.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•CSCin67400
Symptoms: Traffic and pings fail when FRF.12 is configured on a POS link.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-POS-2OC3 port adapter.
Workaround: There is no workaround.
•CSCin70397
Symptoms: A Cisco 3745 that functions as a gateway may stop responding after a configuration is downloaded from a CCM.
Conditions: This symptom is observed when you enable and disable the MGCP centralized configuration in a very fast loop for many hours.
Workaround: There is no workaround.
•CSCin70629
Symptoms: Attribute 45 is not sent in accounting records.
Conditions: This symptom is observed on a Service Selection Gateway (SSG).
Workaround: There is no workaround.
•CSCin70711
Symptoms: A login attempt to a cable modem that is configured for the SSH protocol may fail.
Conditions: This symptom is observed on a Cisco uBR9x5 router and Cisco CVA120 series that run Cisco IOS interim Release 12.3(7.8) or a later release when AAA is configured.
Workaround: Log in without SSH and AAA.
•CSCin71398
Symptoms: An Ethernet connection may be stuck on a Cisco uBR900 series cable modem.
Conditions: This symptom is observed on a Cisco uBR900 series cable modem that runs Cisco IOS Release 12.2(15)CZ when the following conditions are present:
–The cable interface is reset.
–There is downstream traffic.
–The modem is configured with a DHCP proxy, NAT, or routing mode without IP cache entries.
The symptom may also occur in Release 12.3.
Workaround: Enter the clear interface ethernet 0 command.
•CSCin71824
Symptoms: Tracebacks are seen on a NAS when a voice call is disconnected.
Conditions: This symptom is observed on a Cisco AS5350 and Cisco AS5400 that function as a NAS.
Workaround: There is no workaround.
•CSCin73047
Symptoms: A call may fail with MGCP error code 400 (Voice setup failed).
Conditions: This symptom is observed when a call is made from a Cisco AGM that functions as an MGCP gateway and that is registered to a Cisco CallManager.
Workaround: There is no workaround.
•CSCin74180
Symptoms: Spurious memory accesses may occur on a VIP card with one or more channelized port adapters installed. The CPU utilization may increase to 99 or 100 percent, degrading the performance of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
•CSCin74195
Symptoms: A cable modem may reload when the domain name ISAKMP group configuration command is entered.
Conditions: This symptom is observed on a Cisco uBR9x5 router and a Cisco CVA120 series that run Cisco IOS Release 12.3(9) when the domain name ISAKMP group configuration command is entered more than once. The symptom does not occur in Cisco IOS Release 12.3(6a) or earlier releases.
Workaround: Configure the command properly during the first attempt.
•CSCin74507
Symptoms: Modem passthrough calls fail with a "Playout Dejitter Mode value" error message and traceback, and a NAK message is generated.
Conditions: This symptom is observed on a Cisco AS5400 access server for every MPT call.
Workaround: There is no workaround.
•CSCin76381
Symptoms: A PXF exception may occur on a Cisco 7200 series that is configured with an NSE-1 or on a Cisco 7401 that has PXF enabled when either of these platforms functions as an LNS.
Conditions: This symptom is observed when an L2TP session is established over a VLAN subinterface that has ISL encapsulation enabled and when traffic is processed on this subinterface.
Workaround: Disable PXF by entering the no ip pxf command.
•CSCin76900
Symptoms: A PA-A3-8T1IMA or PA-A3-8E1IMA port adapter that is installed in a Cisco 7xxx series may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs that are configured on the port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter, or as an alternate workaround, reset the VIP or FlexWAN.
•CSCin76977
Symptoms: The ccm-manager redundant-host command may not be accepted, preventing you from configuring a backup CCM.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.8).
Workaround: There is no workaround.
•CSCin78324
Symptoms: A Cisco 7200 VXR router may hang.
Conditions: This symptom is observed on a Cisco 7200 VXR router that has a PA-MC-8TE1 and that is configured for IPSec encryption, either via tunnel protection or via a crypto map.
Workaround: Disable IPSec encryption.
•CSCin78325
Symptoms: A serial interface of a PA-MC-8TE1+ continues to process packets even after the interface is placed in the "ADMINDOWN" state. The counters in the output of the show interfaces serial command may continue to increment even if the serial interface is shut down.
Conditions: This symptom is observed on a serial interface of a PA-MC-8TE1+ when there is a channel-group configuration for the interface.
Workaround: Remove the channel-group configuration for the interface.
•CSCuk50745
Symptoms: An MGCP 0.1 message from a gateway to a call agent causes the call agent to block resources in the gateway.
Conditions: This symptom is observed on a Cisco platform that functions as a gateway when the mgcp call-agent pgw service-type mgcp version 1.0 command is enabled.
Workaround: Configure the gateway to use MGCP version 0.1 instead of MGCP version 1.0.
•CSCuk51269
Symptoms: Multicast packets such as HSRP and OSPF are not received on a port-channel interface.
Conditions: This symptom is observed when a port-channel interface is configured on a Cisco router, when you reload the router, and when the first member is added to the port-channel interface by entering the no shutdown interface configuration command on the physical interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the port-channel interface.
•CSCuk51788
Symptoms: MGCP links between a gateway and an EGW call agent may fail to come back into service.
Conditions: This symptom is observed when you change from Cisco IOS Release 12.3(4)T4 to Release 12.3(8)T. The gateway normally uses the bind address that is specified to respond to MGCP messages. After upgrading to Release 12.3(8)T, the MGCP bind control seems to be ignored and the gateway uses the best available interface IP address as the source address. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
Novell IPX, XNS, and Apollo Domain
•CSCdp61040
Symptoms: A router may generate a spurious memory access warning message that points to the processing of service information.
Conditions: This symptom is observed on a Cisco router that routes IPX traffic and handles SAP packets.
Workaround: There is no workaround.
Wide-Area Networking
•CSCeb71004
Symptoms: When multiple dialout calls are triggered at virtually the same time on a Cisco AS5300 with a Large-Scale-Dial-Out (LSDO) configuration, the resulting accounting records may be either wrong or missing.
Conditions: This symptom is observed in a stress test under lab conditions when the concurrent dialout attempts are made using the same E1 link and when the packets triggering the dialout arrive at the same time, causing two ISDN SETUP messages within a very short period, that is, within 5 to 10 msec.
Workaround: There is no workaround.
•CSCec83030
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•CSCed32334
Symptoms: An ISDN link on a BRI interface may fail to establish itself, and a ping may fail.
Conditions: This symptom is observed when the BRI link is connected through an ISDN simulator. There is about a 70-percent chance that the symptom occurs.
Workaround: There is no workaround.
•CSCed87256
Symptoms: All traffic stops after an OIR is performed on an NM-8B.
Conditions: This symptom is observed in an ISDN leased line environment.
Workaround: Reload the router.
•CSCee32172
Symptoms: Redial does not function properly when two dialer strings are configured on a NAS.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(8)T or Release 12.3(9) and that functions as a NAS.
Workaround: Configure only one dialer string.
•CSCee42458
Symptoms: When ISDN preauthentication is used to trigger a D-channel callback on a Cisco access server, the resulting callback call is unable to perform two-way PPP authentication, and the call is disconnected.
The output of the debug dialer command displays an error message similar to the following one:
DDR: Remote name for client1 doesn't match LSDO name 12345
One-way authentication does work: you can configure this by entering the ppp authentication chap pap callin command on the access server or by including the "preauth:auth-required=0" attribute in the RADIUS pre-authentication profile.
Conditions: This symptom is observed on a Cisco access server that runs Cisco IOS Release 12.2 or Release 12.3.
Workaround: Use the callback number as the PPP user name on the remote client. (This workaround somewhat defeats the flexibility of D-channel callback.)
In a Cisco IOS release that contains the fix for this caveat, you can use the "preauth:remote-name" RADIUS attribute to specify the remote name for subsequent two-way authentication.
•CSCee42501
Symptoms: When a Cisco access server performs a D-channel callback call that is triggered by ISDN preauthentication, the call is not forwarded.
Conditions: This symptom is observed on a Cisco access server that runs Cisco IOS Release 12.3 when the RADIUS profile of the remote user that is retrieved during two-way PPP authentication contains VPDN tunnel attributes and when the vpdn authen-before-forward command is configured on the LAC.
Workaround: Replace the D-channel callback by PPP-callback on the LNS using L2TP dial-out.
•CSCee47761
Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).
Workaround: There is no workaround.
•CSCee53018
Symptoms: When you enter the show frame-relay lmi command on a router, the router may crash, or alignment errors may occur.
Conditions: This symptom is observed after you first have deleted an MFR interface on the router.
Workaround: There is no workaround.
•CSCee56928
Symptoms: A Cisco AS5400 may crash with a bus error while accessing an invalid address.
Conditions: This symptom is observed when you enter the dialer map ip command and then remove this command.
Workaround: There is no workaround.
•CSCee60898
Symptoms: A process-switched L2TP packet is dropped on an LNS when the sessions are created into multiple VRFs. There is no problem with a CEF-switched session.
Conditions: This symptom is observed when one of the sessions is process-switched (for example, the UDP checksum is present) and when CEF switching is enabled.
Workaround: Disable CEF switching by entering the no ip route-cache cef interface configuration command on the virtual-template interface or enter the vpdn ip udp ignore checksum global configuration command.
•CSCee71286
Symptoms: You cannot dynamically change the service state of ISDN B-channels.
Conditions: This symptom is observed when the ISDN switch type is NTT.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface. If this is not an option, there is no workaround.
•CSCee74615
Symptoms: A Cisco L2TP network server (LNS) may not send the following RADIUS accounting record attributes:
–42 (Acct-Input-Octets)
–43 (Acct-Output-Octets)
–47 (Acct-Input-Packets)
–48 (Acct-Output-Packets)
Conditions: This symptom is observed when all of the following conditions are present:
–The RADIUS accounting record is an "Acct-Status-Type = Stop" record.
–The "Acct-Terminate-Cause" is "Lost-Carrier."
–The subscriber is an L2TP tunnel-switched subscriber (on a VPDN multihop).
Workaround: There is no workaround.
•CSCee81662
Symptoms: PPP sessions may get stuck in the TERMSENT state.
Conditions: This symptom is observed on a Cisco platform that has a high CPU utilization.
Workaround: Clear the underlying layer (VPDN, PPPoA, or PPPoE).
•CSCee82624
Symptoms: A spurious memory access may occur on a Cisco router that is configured for PPP.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5).
Workaround: There is no workaround.
•CSCee83305
Symptoms: A spurious memory access may occur at the "dialer_redial_initiate" process on a Cisco 3660.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(9.8) or Release 12.3(9.6)T when a BRI interface is being configured.
Workaround: There is no workaround.
•CSCee85167
Symptoms: You cannot create a PPP multilink bundle for a PPP over ATM (PPPoA) session when the ppp multilink command is configured on a virtual-template interface.
Conditions: This symptom is observed when a PPPoA session is already established on a virtual-access subinterface of the virtual-template interface.
Workaround: After you have entered the ppp multilink command, force the PPPoA session to reset either by shutting down the ATM interface or by entering the clear interface command on the virtual-access subinterface.
•CSCef06545
Symptoms: A Cisco AS5400 may send an incorrect disconnect cause code.
Conditions: This symptom is observed on a Cisco AS5400 that is configured with an ISDN PRI in the following scenario:
A Cisco AS5400 receives a call setup from an E1 PRI. A call setup is initiated to a PBX. If the called number does not exist, the PBX returns a correct disconnect cause code of 0x1 (unallocated/unassigned number) to the Cisco AS5400. However, after receiving the correct disconnect cause code, the Cisco AS5400 sends a different and incorrect decimal disconnect cause code of 96, which is an unassigned cause code, to the call originator.
Workaround: There is no workaround.
•CSCef12262
Symptoms: With PPP multilink over ATM configured in Cisco IOS, the router may reload with a bus error.
Conditions: This symptom is observed when the PPP over ATM link goes down and is removed from the multilink bundle.
Workaround: Increasing the keepalive interval or retry count, or disabling keepalives altogether, may help to avoid the problem by making it less likely that the PPP over ATM session goes down during periods of instability in the ATM network.
•CSCin74403
Symptoms: A syslog message may not be generated when a session limit is exceeded.
Conditions: This symptom is observed when the VPDN session limit is configured on a VPDN group or VPDN template on a LAC or LNS. If the no vpdn session-limit global configuration command is enabled, a syslog message is generated when the session limit is exceeded.
Workaround: There is no workaround.
•CSCin74940
Symptoms: A11 sessions on a Cisco PDSN may be stuck in the "EST" establishing state, and PPP negotiation may stop progressing any further. This situation may cause the Cisco PDSN to run out of memory, preventing new PPP sessions (PDSN or otherwise) from being started, and possibly preventing other features from being used.
Conditions: This symptom is observed on a Cisco PDSN that runs Cisco IOS Release 12.3(7)T or a later release after about 1 million sessions are established and closed.
Workaround: There is no workaround.